Standards are often considered as an alternative form of regulation to legislative rule setting. However, standards also complement legislative acts, supporting their effective implementation and providing precise definitions for sometimes vague legal concepts. As we demonstrate, standards are not mere technical regulations but relate to sensitive political issues. The genesis and contents of ISO/IEC 27018 illustrate the interaction between both forms of regulation in the case of data protection in cloud computing. While the standard has been written with intensive consideration of the legal framework, we argue that the standard could reciprocally influence legal rule-making in the same domain.

Cloud Computing, Data Protection, ISO/IEC 27018, Privacy, Regulation, Standards
dx.doi.org/10.1109/Kaleidoscope.2015.7383634, hdl.handle.net/1765/88721
7th ITU Kaleidoscope: Trust in the Information Society, K-2015
No subsctiption
Rotterdam School of Management (RSM), Erasmus University

Löhe, M.G, & Blind, K. (2016). Regulation and standardization of data protection in cloud computing. Presented at the 7th ITU Kaleidoscope: Trust in the Information Society, K-2015. doi:10.1109/Kaleidoscope.2015.7383634