Cloud Computing Law: Data Protection and Cybersecurity Univerity of London Course Overview
Vast amounts of personal information are processed in the cloud. But who is legally responsible for such ‘personal data’ in cloud environments? What duties do cloud providers like Amazon, Microsoft, and Google have? And what rights can you, as an individual, exercise under data protection law? If you’d like to find out, then this course is for you!
First, we’ll look at how the European Union’s ‘General Data Protection Regulation’ (‘GDPR’) regulates the processing of personal data in cloud services. You’ll learn to identify controllers and processors, describe their roles and responsibilities, and understand how cloud customers and providers can comply in practice.
Second, we’ll look at international transfers of personal data. We’ll explain how the GDPR can apply to cloud providers and their customers anywhere in the world, as well as how restrictions on international transfers apply to cloud services.
Third, we’ll look at how the Network and Information Security (‘NIS’) Directive regulates the cybersecurity of critical infrastructure. You’ll learn to identify cloud providers’ duties to notify security breaches and to keep their services secure, and how to apply those duties to concrete case studies.
In short, this course covers how the GDPR and NIS Directive apply to cloud services and what cloud providers and their customers should do to comply.
Cloud Computing Law: Data Protection and Cybersecurity Coursera Syllabus
WEEK 1 – Protecting Personal Data in the Cloud
This week, you’ll learn how data protection laws regulate the processing of personal data in cloud services. We will focus, in particular, on the rules applying to cloud service providers and their customers as ‘processors’ and ‘controllers’ under the EU’s General Data Protection Regulation (GDPR). We will explore the principles that must be followed and consider the legal grounds for processing personal data in the cloud, as well as how individuals might exercise their rights and the potential consequences for cloud providers of failing to comply with their obligations. By the end of this week, you’ll be able to identify what is regulated as personal data and analyse what cloud providers and their customers must do to ensure compliance with the GDPR.
WEEK 2 – International Data Transfers and Cloud Services
This week, you’ll learn how the GDPR applies to international transfers of data in cloud computing. First, we will examine the broad territorial scope of the GDPR in the context of cloud computing. Then we will explore how GDPR may restrict international transfers of cloud data; the legal mechanisms that may be relied on to justify regulated transfers; and possible exceptions to the transfer restriction. By the end of this week, you’ll be able to explain the international reach of GDPR and how its data transfer rules apply to cloud providers and their customers.
WEEK 3 – Cybersecurity, Cloud, and Critical Infrastructure
This week, you’ll learn about the regulation of cloud services as critical infrastructure under the Network and Information Security (‘NIS’) Directive. First, we’ll look at which cloud services need to comply with this Directive. Then, we’ll review the obligations to keep cloud services secure and to report security incidents to a regulator. By the end of this week, you’ll be able to describe how a cloud provider can comply with the NIS Directive, as well as the possible penalties for breaking the rules.
- Christopher Millard
- Johan David Michels
- Dimitra Kamarinou
- Ian Walden