This article axamines data ownership in cloud computing, highlighting the critical legal ambiguities and challenges involved. It critiques property law and European regulations, partycularly GDPR, for failing to clearly define and adequately manage data ownership rights in digital environments. The article underscores how blockchain and AI technologies offer promising solutions for clarifying data ownership through enhanced transparancy, security, and user autonomy. Practical applications, such as smart contracts and decentralized data marketplaces, demonstrate these technologies’ potentialto enforce data ownership effectively. The article concludes by advocating for integrated legal and technological framewoks that explicitly prioritize and protect data ownership in cloud ecosystems.
Despite all the benefits that derive from cloud technologies, there exist several legal and regulatory challenges that require regulation and standards. Among these legal issues, data ownership is perhaps the most significant one, given that the usage of cloud services entails a technical transfer of data from the client to the provider. In this scenario, the cloud provider is considered the legal custodian of the data. This, in turn, can generate risks such as data privacy infringement, data loss, and data ownership risks.[1] Crucially, besides laws and regulations, technological innovation is reshaping the landscape of data ownership. Emerging technologies such as Artificial Intelligence (AI) and blockchain can offer promising solutions for enhancing data control and security. Blockchain-based decentralized storage introduces tamper-proof ownership records, allowing users to retain data sovereignty without relying entirely on CSPs.[2] Meanwhile, AI-driven privacy-enhancing technologies (e.g., federated learning and differential privacy) help enforce user control by minimizing unauthorized access and data exploitation.[3]
In a legal context, ownership usually refers to the exclusive rights over property, such as the right to possess, use, modify, transfer, or destroy it. Property law deals with the typical ownership definition.[4] However, in the digital environment, especially in the cloud industry, the concept of data ownership becomes ambiguous; as cloud computing involves storing, processing, and managing data on remote servers owned by third-party providers, which, as a result, creates significant questions concerning data ownership rights in the cloud ecosystem.[5] The issue is that the digital information is not recorded permanently on a physical object that can be owned, additionally, In contrast to physical property, digital information or data is non-rivalrous, so several owners can possess and use it at the same time without affecting its availability to others, which puts more complexity to the issue.[6] Crucially, several legal solutions were introduced, such as establishing intellectual property rights, yet they are still inappropriate and insufficient to address the exact sense of information ownership.[7] Moreover, the current European legal framework that applies to data ownership, which is mainly based on traditional civil-law property rights, is not satisfactory.[8] The problem became more complex in the absence of an agreement or contract terms[9] underlying data ownership in the cloud.[10] Nevertheless, contracts are not always enough due to the complexity of multiple claims and the lack of binding effects on third parties.[11]
The EU General Data Protection Regulation (GDPR) introduces the roles of data controllers and data processors,[12] which would help to determine who has the decision-making power over personal data in a digital environment like the cloud.[13] By deeply investigating these provisions, it could be extracted that the cloud customers as controllers can determine why, how, and what data to be processed, but they do not own it. On the other hand, the CSP processes personal data on behalf of the controller but does not have independent rights over the data, they act as a custodian rather than owners. A data subject (the individual to whom the data relates) has numerous rights over their data, but they do not "own" it in the way one owns physical property.[14] Notably, the GDPR does not define data ownership in a legal sense but grants control rights to individuals over their personal data while regulating how organizations can process it. It is to be highlighted that Article 20 of the GDPR deals with an important concept in this regard, which is "Data Portability", which, by the GDPR, grants individuals the right to receive their personal data in a structured, commonly used, and machine-readable format. It also allows them to transmit this data to another data controller without hindrances.[15] Data portability strengthens the idea that individuals have a degree of control over their data.[16] It allows them to move their data, effectively exercising a form of "ownership" over it.[17] However, it is to be noted that the GDPR does not grant absolute data ownership, but with limitations. The legal debate on data ownership is still ongoing, with new EU regulations like the Data Act trying to offer solutions to this issue. Notably, the EU Data Act does not introduce the legal concept of "data ownership" but establishes access and sharing rights that promote data portability, fair contracts, and interoperability while ensuring that businesses, consumers, and governments can benefit from data-driven innovation.[18]
The ambiguity surrounding data ownership becomes particularly problematic in the context of cross-border data transfers or storage, where multiple parties may have access to and control over the data. Determination and Enforcement of these laws become difficult when data resides in multiple locations, as in the case of cloud computing, since many cloud providers are multinational companies located on different continents.[19] As established, data ownership is not well defined, and this is exacerbated when data is stored in many locations, who has ultimate control over the data, and who bears the legal responsibilities.[20]
The question of data ownership rights between cloud users and providers is a critical issue to investigate, especially with the rapid evolution of cloud computing and its consequent effects on how data is stored, processed, and managed. Unlike traditional data storage methods, where individuals or businesses maintain direct control over their data, CSPs'role is closer to being custodians rather than owners.[21] It is essential to draw this distinction, which would contribute to mitigating data breaches in the cloud ecosystem. Major cloud service providers such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure often deal with enormous amounts of personal data; however, they do not own any direct rights to it, but rather, they control how it is stored, accessed, and processed. Despite that, this custodianship could threaten users' autonomy and rights over their data, as it grants providers significant power over data encryption, retention policies, and access rights.[22]
The primary issue here is not whether users own their data but how much control they truly have over it once stored in cloud servers. Usually, the cloud services agreements grant the CSPs the right to data encryption keys, and customers are eligible to access their data through the provider's instructions, which, as a result, could block them from access if the providers restrict it, as they often do not have independent power of retrieving their data.[23] Data Retention and Deletion Policies are another challenge, as the CSPs have the power to enforce their own rules on when and for how long to keep the data stored in their cloud, for instance, after the termination of a contract or negligence of paying, which could lead to unwanted incidents of data loss. A good example to draw in this re-
- 41/42 -
spect is Microsoft Azure's policy, which states that user data is deleted after a retention period following account termination. If a business using Azure fails to back up its data, it cannot retrieve lost information after the deletion period.[24] Moreover, Access Restrictions and Account Suspensions are serious concerns; since CSPs have the right to suspend or terminate services for several reasons, such as policy violation, fraud, or security risks. Subsequently, if an account is suspended due to policy violations, it may result in access loss to all stored data. This means users who depend on Google's cloud services could be locked out of their own data unexpectedly.[25]
This article argues that utilizing technological advancements in cloud transactions and agreements can offer contemporary solutions to data control and ownership-related issues and enhance data privacy in cloud environments, overcoming these challenges and risks in a non-traditional way.
To provide a contemporary solution to the challenges surrounding data ownership in the cloud, this article explains how the intersection of AI and blockchain technologies within cloud computing could play a crucial role in clarifying data ownership and ensuring privacy by introducing transparency, automation, and security into data governance. Blockchain technology provides a decentralized and fixed ledger that can be used to establish clearer data ownership and accountability in the cloud.[26] Unlike traditional cloud storage controlled by a single provider, blockchain-based storage ensures that no single party has absolute control over data. Users can store encrypted data in decentralized nodes, maintaining ownership while reducing reliance on centralized cloud providers.[27] Moreover, GDPR compliance can be improved through blockchain-based records, ensuring transparency in who can access the data and when. Also, it helps in proving compliance with data sovereignty laws across different jurisdictions.[28]
With regard to AI integration into the cloud, Artificial Intelligence enhances data privacy by improving security mechanisms and automating data governance, It can dynamically manage who can access specific data based on user behavior, reducing unauthorized access.[29] AI strengthens data ownership enforcement through intelligent access control and privacy-preserving techniques.[30] An impactful application of it is the Smart Contracts that could automate and enforce Ownership Agreements, as one of the biggest challenges in data ownership disputes is the lack of enforceability in cloud agreements. Smart contracts remove the need for intermediaries and automate data-sharing agreements.[31] AI and Blockchain together would prevent Cloud Providers from overreaching another CSP often claims broad rights over user data through Terms of Service (ToS), limiting ownership.[32] Different regulations (e.g., GDPR) require CSPs to ensure data subject rights and accountability; Blockchain and AI would simplify compliance by making data ownership explicit and automating regulatory enforcement.
AI is an impactful tool for data management in the cloud, as it could help to ensure that only authorized parties have access rights by implementing intelligent access controls and privacy-preserving AI methods.[33] Instead of traditional access rules, CSPs can save both time and effort by applying AI models that analyze customers' usage patterns and context to grant or revoke access in real-time. Since AI algorithms can consciously monitor data access behaviors and attempts, so can prevent illegal access or adjust and restrict their permissions when access patterns deviate from the usual time or the amount of data retrieved.[34] As a result, this could mitigate risks of insider threats to data in the cloud. This could be done through adapting machine learning models by the CSPs trained on what is normal legal access and what is not. Notably, AI-driven identity and access management (IAM) systems are also emerging. These are highly useful for granting special access for a specific, limited time or task upon certain perceptions.[35]
AI could be used to reinforce data ownership rights and enhance compliance in the cloud ecosystem.[36] CSPs may use AI to automatically discover and classify sensitive data across cloud storage by scanning databases and documents to detect personal identifiers, financial information, or other sensitive content and assign its ownership rights to the proper party by granting the correct access policies.[37] Additionally, AI could be a significant tool for cross-border data transfer, a common critical issue in cloud transactions. AI can track how data is shared, transferred, and stored within multiple jurisdictions. This provides an extra layer of protection for data ownership by detecting breaches or unauthorized transfers early.[38] One good example is the policy followed by a major cloud provider, "IBM Cloud," which states that customers keep the ownership rights of their data stored or processed in the IBM Cloud. And that is enforced by using AI advances to automate compliance checks according to related regulations, such as the GDPR, so customers are confident that their data remains under their control.[39] Moreover, AI could be an ideal method for compliance audits. For instance, AI log analysis can provide evidence that only legal processing operations were taken on the data stored in their cloud. This is a vital compliance demonstration, especially for sensitive sectors like health and financial data, and no less important than preventing unauthorized access in the first place.[40]
Overall, AI Cloud would lead to a boost in data management, enforce automatic ownership policies, detect and prevent unauthorized access, leading to increased compliance levels for CSPs by embodying privacy by design and accountability in their data workflows. It is not a peculiar policy of the European regulators; the EU's GDPR, for example, explicitly calls for technical safeguards and continuous oversight for data handling.[41] By deploying AI-driven controls, cloud providers and users can ensure that data ownership rights are respected.
In the context of data ownership in the cloud, Blockchain technology and the associated smart contracts would constitute an impactful instrument concerning tamper-proof recording of ownership, transparent access control rules, and even automated enforcement of terms when data is used.[42] In simple words, Blockchain technology is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network.[43] Smart contracts are commonly linked to this technology. "Unlike traditional paper-written contracts, neither like a full online one, the smart contract gathers more characteristics of these models. It is usually a computer code on a distributed ledger technology such as the blockchain. It executes itself upon receipt of electronic data inputs, it has also the ability to adjust itself or transfer payments or other assets, monitor stock levels, or effect other actions automatically; because this is what it is programmed to do".[44] In the cloud, smart contracts would enable complex logic for data access and ownership to be executed automatically without intermediaries. It could serve as a tamper-proof access control list on a blockchain. So, traditional databases, which are usually used to determine who can access certain data in the cloud, will no longer be needed.[45] Smart contracts can run this policy programmatically; since smart contract code is replicated across the blockchain network, no possibility to change or violate the access rules; it will only do what the encoded policy permits.[46] The blockchain acts as an equal gatekeeper, where in the case of providing credit codes, the smart contract grants access to the data; otherwise, it will not give such access.[47]
- 42/43 -
Several Real-world implementations of blockchain for data ownership are already emerging. A good example is the "Hu-manity.co"[48] initiative in collaboration with IBM Cloud. Which by created a blockchain-based platform called the "Global Consent Ledger" to let individuals claim property rights over their personal data, and specify how it can be used, accordingly letting the data subjects determine who and for what purposes their data can be accessed,[49] by reporting these factors smart contracts on the IBM Blockchain Platform enforce these choices.[50] It is important to note that the data itself is not stored in the blockchain, but it remains in the original source.[51] Yet another pioneering example is the research initiative between IBM Watson Health[52] and the U.S. Food and Drug Administration (FDA). Aimed at defining a secure, efficient, and scalable exchange of health data using blockchain technology. Where patients could grant researchers or providers access to portions of their data via smart contracts, and every access would be logged on the blockchain for transparency, this in essence constitutes essential data ownership in action, where the patient remains in control, but can securely share data to advance healthcare.[53] A further pertinent example is the Enterprise Data Sharing Consortiums; in finance and supply chain sectors, companies are forming blockchain consortia to share data securely. For example, "TradeLens" (by Maersk and IBM) uses blockchain to share shipping data among carriers, ports, and customs, where each party owns their data but shares certain pieces via the blockchain to streamline the supply chain. This shows how blockchain lets multiple parties contribute data to a common platform without conceding ownership.[54] One more project that deserves mention is the "Ocean Protocol[55] - Decentralized Data Marketplace", which provides tools for data owners to monetize their data while preserving control through smart contracts and data tokens to manage access permissions, as data subjects can offer their data on the Ocean market and specify a price which could be then granted access upon purchasing a data token the smart contract manage.[56] This process means the data owners do not have to leave the hands of those who store it for others to benefit from it.
These case studies of the usage of blockchain technology and the associated smart contracts illustrate how blockchain could provide the trust, transparency, and enforcement needed to let data be confidently shared data for useful purposes. It allows multiple parties, like data subjects, cloud customers, and CSPs, to collaborate without losing their respective ownership rights.
To fully grasp the significance of data ownership, it is essential to move beyond legal doctrine and explore its economic dimensions, particularly how regulation can either foster or hinder innovation and market development, especially in the cloud industry.
While legal and privacy considerations often dominate discussions surrounding data ownership, it is increasingly important to consider the economic dimensions of this issue. The way in which data ownership and sharing are regulated can significantly affect the broader digital economy, innovation ecosystems, and market competition. A well-balanced regulatory framework can stimulate growth and innovation, while overly rigid or ambiguous rules may inadvertently stifle technological advancement and economic opportunity.[57]
Data has emerged as a key economic resource in today's digital economy. It is used regularly by companies in numerous industries, including healthcare and online commerce, to generate insights, design new products, customize offerings, and streamline operations.[58] As a result, legal certainty relating to data ownership largely determines economic performance. Good control of data ownership can spur a data-sharing economy by making people or entities more open to exchanging information under some rules. Conversely, uncertainty on ownership or control of data can lead to underdevelopment or fragmentation and block efficient flows of data and collective innovation.[59]
Control of data ownership is critical in shaping the path of innovation. Strong mechanisms can limit access to vast reservoirs of data, particularly for frontier technologies such as AI, big data analytics, and cloud-based systems. For start-ups and small firms, access to data is often critical in order to counter existing incumbents with massive data reservoirs. Thus, fair access provisions and sharing of data obligations, such as in the EU's Data Act, are key to a level playing field and encouraging competition.[60]
Policy-makers then need to reconcile management of personal data with opening data to enable innovation. New concepts such as "data custodianship" and "data altruism" aim to reconcile the gap by providing controlled access to data under fair and open conditions.[61] Regulatory support for interoperable data-sharing mechanisms can also unlock economic potential without compromising fundamental rights. Under such circumstances, CSPs are either facilitators or gatekeepers based on contractual and legal obligations governing their position as hosts of data.[62]
It is to be noted at the end that understanding the economic implications of data ownership regulation is essential to create sensible legal frameworks that not only protect privacy and autonomy but also foster a vibrant digital economy.
The ambiguity surrounding data ownership in cloud computing remains significant, especially given the complexity of the digital environment and cross-border data storage scenarios. Current traditional legal frameworks, mostly derived from property law, are insufficient to adequately address the challenges posed by the digital and non-rivalrous nature of the data. While GDPR introduces mechanisms such as data portability and defines clear roles for data controllers and processors, it stops short of defining absolute data ownership, thus leaving certain ambiguities unresolved. Technological innovations, particularly Blockchain and AI, provide promising avenues to address these ambiguities by enabling decentralized, tamper-proof record-keeping and automated enforcement of ownership and access rights. Blockchain-based smart contracts and AI-driven data management systems offer significant potential in ensuring transparency, automating compliance, enhancing data sovereignty, and protecting user autonomy over data stored in cloud environments.
Ultimately, addressing the complexities of data ownership in cloud computing requires a careful balance between legal interventions and leveraging technological innovation. Policies that clearly delineate responsibilities, enforce transparency, and foster user-centric data governance models will be essential in creating a robust legal and technological framework for data ownership in the cloud industry. Future regulatory and technological developments will significantly influence data ownership and privacy within cloud computing, AI, and blockchain domains. Regulations such as GDPR and emerging privacy laws need to be expanded, offering clearer guidelines for AI accountability, blockchain governance, and cross-border data transfers. Technological innovations like decentralized data management models, explainable AI, privacy-preserving techniques, and sustainable blockchain infrastructures will enhance transparency, security, and user control. The regulation of data ownership not only safeguards rights but also shapes economic outcomes. Clear rules and fair access to data can drive innovation and competition, especially in emerging technologies. Striking the right balance between control and openness is key to unlocking both individual and societal benefits. Together, these advances promise a future digital environment marked by greater user empowerment, regulatory clarity, and technological responsibility. ■
- 43/44 -
NOTES
[1] Balboni, Paolo: Data Protection and Data Security Issues Related to Cloud Computing in the EU (August 18, 2010). ISSE 2010 Securing Electronic Business Processes - Highlights of the Information Security Solutions Europe Conference 2010, Tilburg Law School Research Paper No. 022/2010. Pages 2-4. Available at SSRN: https://ssrn.com/abstract=1661437.
[2] Merlec, M. M.- In, H. P. (2024): "Blockchain-Based Decentralized Storage Systems for Sustainable Data Self-Sovereignty: A Comparative Study". Sustainability, 16(17), 7671. Page 4-5. https://doi.org/10.3390/su16177671.
[3] Shuaib, Mohammad, et al.: "Data Ownership in the AI-Powered Integrative Health Care Landscape" (2024) 12(1) JMIR Medical Informatics e57754. https://doi.org/10.2196/57754.
[4] Reed, Chris: "Information Ownership in the Cloud" (Second Edition) (2021). C. Millard (ed.), Cloud Computing Law (2nd Edn, OUP 2021), page 3. Available at SSRN: https://ssrn.com/abstract=4204914.
[5] Christopher Millard (ed): "Cloud Computing Law", i. m. pages: 198-200.
[6] Reed, Chris i. m., page 7.
[7] Butculescu, Claudiu Ramon: "Considerations Regarding Legal Ownership of the Data Stored Within Cloud Based Systems" (June 1, 2016). National Strategies Observer No.2/Vol.1, 2015, Available at SSRN: https://ssrn.com/abstract=2787653.
[8] Banterle, Francesco: "Data Ownership in the Data Economy: A European Dilemma" (August 1, 2018). EU Internet Law in the digital era, (edited volume based on the REDA 2017 conference), Springer, (2018) Forthcoming, Available at SSRN: https://ssrn.com/abstract=3277330.
[9] For example: terms of service (ToS), SLAs, and data processing agreements (DPAs).
[10] Reed, Chris, i. m., page 5.
[11] Banterle, Francesco, i. m.
[12] The Cloud users and Cloud service providers "CSPs" respectively.
[13] Kamarinou, Dimitra - Millard, Christopher - Turton, Felicity: Responsibilities of Controllers and Processors of Personal Data in Clouds (May 2021). Chapter 9, 'Responsibilities of Controllers and Processors of Personal Data in Clouds', in C. Millard (ed.): Cloud Computing Law, (2nd edn, OUP 2021, page 9-10. Available at SSRN: https://ssrn.com/abstract=4255853.
[14] Burri, Mira (ed.): "Data Ownership and Data Access Rights" in Big Data and Global Trade Law (Cambridge University Press 2021) https://www.cambridge.org/core/books/big-data-and-global-trade-law/data-ownership-and-data-access-rights/BC314C63C58A09C4B9C5D55894FE68C6.
[15] Data Protection Commission (Ireland), 'Right to Data Portability (Article 20 GDPR)' (Data Protection Commission) http://www.dataprotection.ie/en/individuals/know-your-rights/right-data-portability-article-20-gdpr.
[16] Laje, A. - Schmidt, K.: The Right to Data Portability as a Personal Right. Laws 2024, 13, 47. https://doi.org/10.3390/laws13040047.
[17] Information Commissioner's Office (ICO). (n.d.). "Right to data portability". https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-data-portability/
[18] European Commission, "Data Act Explained" (Shaping Europe's Digital Future, 2023) https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained.
[19] Chang, Henry: "Data Protection Regulation and Cloud Computing" (August 31, 2014). PRIVACY AND LEGAL ISSUES IN CLOUD COMPUTING, Anne S.Y. Cheung and Rolf H. Weber, eds., Edward Elgar Publishing, pp. 26-42, 2015, page 9. Available at SSRN: https://ssrn.com/abstract=2610615.
[20] "EU Cloud Code of Conduct". Available at: https://www.edpb.europa.eu/system/files/2024-02/eucloudcoc.pdf.
[21] van Dijck, J. H. C. (2021). Data ownership revisited: Clarifying data accountabilities in times of big data and cloud computing. Technology and Regulation, 2021(1), 49-58. Page 9. https://www.tandfonline.com/doi/epdf/10.1080/2573234X.2021.1945961?needAccess=true.
[22] Reed, Chris, i m., page 9.
[23] Google Cloud, "Customer-Managed Encryption Keys" (Google Cloud Documentation, 2024) https://cloud.google.com/storage/docs/encryption/customer-managed-keys.
[24] Microsoft, "Data Retention, Deletion, and Destruction in Microsoft 365" (Microsoft Learn, 2024) available at: https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview.
[25] Google Cloud, "Cloud Billing Account Suspension" (Google Cloud Documentation, 2024) https://cloud.google.com/channel/docs/concepts/google-cloud/suspension.
[26] Alibaba Cloud Intelligence GTS, "Digital Transformation in Cloud Computing: Top-Level Design, Architecture, and Applications" (1st edn, CRC Press 2022). Page 30-32.
[27] Christopher Millard (ed.): Cloud Computing Law. i. m., Pagees: 214-217.
[28] Jusic, Asim: Privacy between Regulation and Technology: GDPR and the Blockchain (March 4, 2022). IUS Law Journal, Vol. 1, No. 1, p. 47-59 (February 2022). , Available at SSRN: https://ssrn.com/abstract=4049371.
[29] Heister, Stanton - Kristi Yuthas: "How Blockchain and AI Enable Personal Data Privacy and Support" (Portland State University) page 7. Available at: https://pdxscholar.library.pdx.edu/cgi/viewcontent.cgi?article=1236&context=busadmin_fac.
[30] Surya, Lakshmisri: "Streamlining Cloud Application with AI Technology" (October 10, 2018). International Journal of Innovations in Engineering Research and Technology [IJIERT] ISSN: 2394-3696 Volume 5, Issue 10, Oct.-2018, Available at SSRN: https://ssrn.com/abstract=3785667.
[31] Taherdoost, Hamed: "Smart Contracts in Blockchain Technology: A Critical Review" (February 13, 2023). Taherdoost, H.: Smart Contracts in Blockchain Technology: A Critical Review. Information 2023, 14, 117. https://doi.org/10.3390/info14020117, Available at SSRN: https://ssrn.com/abstract=4626828.
[32] Heister, Stanton - Kristi Yuthas, i. m.
[33] Rodríguez, A. - Popescu, E. (2025): Privacy-Preserving AI Models for Cloud and Edge Computing Security. Synergy: Cross-Disciplinary Journal of Digital Investigation, 3(3), 1-19. Available at: https://multijournals.org/index.php/synergy/article/view/3210.
[34] Azhar, Ishaq: The Impact of AI on Identity and Access Management: An Empirical Analysis (September 3, 2015). Ishaq Azhar Mohammed: "THE INTERACTION BETWEEN ARTIFICIAL INTELLIGENCE AND IDENTITY & ACCESS MANAGEMENT: AN EMPIRICAL STUDY", International Journal of Creative Research Thoughts (IJCRT), ISSN:2320-2882, Volume.3, Issue 1, pp. 668-671, March 2015, Available at SSRN: https://ssrn.com/abstract=3905768.
[35] Shalu Santvana - Mohd Imran: "Data Access Management in the AI Era", https://lumendata.com/blogs/data-access-management-in-the-ai-era/.
[36] Salako, Ademola - Fabuyi, Jumai - Aideyan, Nsidibe Taiwo - Selesi-Aina, Oluwatosin - Dapo-Oyewole, Dooshima Louisa - Olaniyi, Oluwaseun Oladeji: Advancing Information Governance in AI-Driven Cloud Ecosystem: Strategies for Enhancing Data Security and Meeting Regulatory Compliance (December 07, 2024). Available at SSRN: https://ssrn.com/abstract=5047454.
[37] Carmine Clementelli: 'Advancing Sensitive Data Classification in the Age of AI' (Cyera, 23 August 2024) https://www.cyera.io/blog/advancing-sensitive-data-classification-in-the-age-of-ai.
[38] Israel, Desmond: "Assessing the Effectiveness of Cross-Border Data Flow Regulations in the Age of Artificial Intelligence (AI)" (April 18, 2023). Chapter 4. Available at SSRN: https://ssrn.com/abstract=4448648.
[39] IBM, 'IBM's Principles for Trust and Transparency' (30 May 2018) https://www.ibm.com/policy/trust-principles/.
[40] Smith, J. - Doe, A. (2024): AI and the Future of Cloud Security Governance and Compliance. Available at: https://www.researchgate.net/publication/385509645.
[41] Look at articles 25 and 32 of the GDPR.
[42] Xiaojin Liu and others: "A Blockchain-Based Framework for Data Sharing With Fine-Grained Access Control in Decentralized Storage Systems" (2018) page: 1-2 https://www.researchgate.net/publication/326075893_A_Blockch-Based_Framework_for_Data_Sharing_With_Fine-Grained_Access_Control_in_Decentralized_Storage_Systems.
[43] Ammous, Saifedean: "Blockchain Technology: What is it Good for?" (August 8, 2016). Available at SSRN: https://ssrn.com/abstract=2832751. Page 1-2.
[44] Marcelo Corrales Mark Fenwick - Helena Haapio (eds.): "Legal Tech, Smart Contracts and Blockchain" (Springer 2019). Page 20.
[45] Sarfaraz, Aaliya - Chakrabortty - Ripon K. - Essam, Daryl L.: "Accesschain: An Access Control Framework to Protect Data Access in Blockchain Enabled Supply Chain". Pages 2-4. Available at SSRN: https://ssrn.com/abstract=4039908.
[46] Yongbin Zhou and others: "Smart Contract-Based Access Control Framework for Internet of Things Devices" (2023) 12(11) Computers 240 https://www.mdpi.com/2073-431X/12/11/240.
[47] Bowen Liu - Siwei Sun - Pawel Szalachowski: ‘SMACS: Smart Contract Access Control Service' (2020) https://arxiv.org/pdf/2003.07495 .
[48] Hu-manity.co is a global technology company founded in 2018, dedicated to establishing data ownership as a fundamental human right. The company advocates for the recognition of personal data as legal property, empowering individuals to control, manage, and potentially monetize their information.
[49] For example a user could consent to share their medical records only for cancer research, or choose to lease it to a pharmaceutical company for a fee.
[50] "Hu-manity.co Collaborates with IBM Blockchain on Consumer App to Manage Personal Data Property Rights" (Hu-manity.co, 2024) https://hu-manity.co/hu-manity-co-collaborates-with-ibm-blockchain-on-consumer-app-to-manage-personal-data-property-rights/.
[51] Mayer, Sean: "Off-Chain Data Storage: Balancing Efficiency and Integrity" (Scalable Human Blog, 11 January 2024) https://scalablehuman.com/2024/01/11/off-chain-data-storage-balancing-efficiency-and-integrity/.
[52] IBM Watson Health was a division of IBM established to harness artificial intelligence (AI) and data analytics in the healthcare sector. Launched in 2015, its mission was to revolutionize healthcare by leveraging IBM's Watson AI capabilities to assist in medical research, clinical decision-making, and patient care.
[53] "IBM Watson Health Announces Collaboration To Study The Use Of Blockchain Technology For Secure Exchange Of Healthcare Data" (Med Device Online, 11 January 2017) https://www.meddeviceonline.com/doc/ibm-watson-health-collaboration-blockchain-exchange-healthcare-data-0001.
[54] Jensen T. and others: "How TradeLens Delivers Business Value with Blockchain Technology" (2020) IBM & Maersk Report.https://www.researchgate.net/publication/345356583_How_TradeLens_Delivers_Business_Value_With_Blockchain_Technology.
[55] Which is an open-source blockchain project.
[56] Ocean Protocol: "Tools for the Web3 Data Economy" (2017) Available at: https://oceanprotocol.com/tech-whitepaper.pdf.
[57] OECD. (2021). Enhancing access to and sharing of data: Reconciling risks and benefits for data re-use across societies. OECD Publishing. https://doi.org/10.1787/276aaca8-en. Pages: 60-70.
[58] OECD. (2015). Data-driven innovation: Big data for growth and well-being. OECD Publishing. https://doi.org/10.1787/9789264229358-en. Pages: 25-26.
[59] Ibid, pages: 212-219.
[60] OECD. (2021). Enhancing access to and sharing of data: Reconciling risks and benefits for data re-use across societies. Previous reference. Pages: 34, 37-39, 60, 66.
[61] Delacroix, S. - Lawrence, N. D. (2019): Bottom-up Data Trusts: Disturbing the 'One Size Fits All' Approach to Data Governance. International Data Privacy Law, 9(4), 236-252. https://academic.oup.com/idpl/article/9/4/236/5579842?login=false. Pages: 237-238.
[62] Ibid, pages: 247-248.
Lábjegyzetek:
[1] A szerző PhD hallgató a Károli Gáspár Református Egyetemen.
Visszaugrás
