Welch Blog

By: Katherine R. Welch

Welch Blog

          You probably know where you have placed your laptop, where your phone is, and which folder you may have put that important pdf into, but do you know where the data from all of those devices are stored?  The simple answer may be “the cloud”, but the cloud must have a physical hosting site that can connect to the internet, or it cannot exist.[1] The cloud, in simple terms, is a large digital storage space, much like a hard drive.[2] The benefit of this space is that it does not take up space on your devices, and you are able to access documents wherever there is access to the internet.[3] But what goes up must come down, or at least have a location here on Earth.

          As the legal world becomes more technologically savvy, one can begin to expect that some of their most crucial documents, photographs, and sensitive materials are stored in “the cloud.”[4] Our collective data is now stored in various countries around the world.[5] Without some carefully crafted legal maneuvering and verbiage, there could be serious consequences to a cloud based in a different jurisdiction.

          For instance, an American citizen, traveling for work to China, with documents stored in a cloud drive which is hosted out of Brazil, potentially implicates the property laws of three separate countries’ jurisdictions.[6] Additionally, data could be stored in more than one location or hosting cite.[7] Furthermore, one person could have information stored from one phone in three different countries.[8] A corporation may have some slight control over where data is stored, however, a large portion of the time neither the provider nor the consumer is ultimately aware of where cloud storage is physically located.[9]

          This has a wealth of implications, including notification laws, data breach protocols, and the privacy of the server. The European Union (EU) has developed its own laws regarding digital sovereignty and the protection of private information.[10] Many European countries have created mandatory disclosure laws regarding data being stored or coming from Europe.[11] The U.S., in contrast to the EU, provides no Constitutional provisions to digital privacy, although there is the 1974 Privacy Act which provides a base level of federal protection.[12] Most of the United States digital privacy rules and regulations are contractually dictated by large tech companies, with only a few states offering protections.[13]

           Cloud storage providers are notoriously secretive about their technology and techniques.[14] The majority of our information is stored within the clouds of tech and data companies such as Google, Facebook, Apple, and Microsoft.[15] The cloud is still a relatively new way of storing information, and for those tech giants who can afford the investment, it comes as a lucrative market advantage.[16] Apple charges a monthly fee for anyone wishing to store information in their cloud. Apple’s cloud being hosted out of multiple U.S. states, including a new two-billion-dollar budget for its data center in Reno, Nevada.[17]  However, even Apple is branching out, with plans to invest in data centers in Denmark and Ireland, as well as its already existing Chinese data centers for Chinese citizens.[18]

            Luckily, there appears to be an understanding that the individual consumer is not implicated in where the data storage company physically locates its cloud.[19] One may have never traveled to the country which hosts the cloud where his private data resides, and most jurisdictions are well aware of this fact, especially regarding foreign based storage sites.[20] However, it never hurts to remain vigilant of just where your information is landing. Just as you wouldn’t want to send the most sensitive documents to your entire contact list, thinking twice about which server you want to entrust with those documents may be a better way to navigate a sensitive space.

About the Author:

           Katherine is a third-year, regular division student at Delaware Law School. She also serves on the Moot Court Honor Society board as the Vice President – Interscholastic Chairperson. Additionally, she serves on the Diversity, Equity & Inclusion Counsel as a student representative. After graduation in May, Katherine plans to sit for the Delaware Bar Exam so that she may practice law in Delaware.

[1] Anna Nicholls, Where are Cloud Servers Located?, Teledata (May 24, 2021), https://www.teledata.co.uk/blog/where-are-cloud-servers-located.

[2] Id.

[3] Id.

[4] W. Kuan Hon, Julia Hörnle & Christopher Millard, Data Protection Jurisdiction and Cloud Computing – When are Cloud Users and Providers Subject to EU Data Protection Law? The Cloud of Unknowing, Part 3, 26 Int’l Rev. L. Comput. & Tech, 129, 133 (2012).

[5] John C. Eustice, Understanding the Intersection Between Data Privacy Laws and Cloud Computing, Thomas Reuters, https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing (last visited Mar. 13, 2023).

[6] Id.

[7] Id.

[8] Id.

[9] Swish Goswami, The Rising Concern Around Data and Privacy, Forbes (Dec. 14, 2020), https://www.forbes.com/sites/forbestechcouncil/2020/12/14/the-rising-concern-around-consumer-data-and-privacy/?sh=7aad050c487e.

[10] Hon, Hörnle & Millard, supra note 3, at 36.

[11] Edoardo Celeste & Federico Fabbrini, Competing Jurisdictions: Data Privacy Across the Borders, in Data Privacy and Trust in Cloud Computing, 43, 45-46 (Palgrace Macmillan, 2021).

[12] Id.

[13] Frederick D. Bellamy, U.S. Data Privacy Laws To Enter New Era in 2023, Reuters (Jan. 12, 2023), https://www.reuters.com/legal/legalindustry/us-data-privacy-laws-enter-new-era-2023-2023-01-12/ (providing that the relevant states are California, Connecticut, Utah, and Virginia).

[14] A Lunavian, Legal Battles Over Local Data: Why Your Cloud Location Matters, Lunavi (Feb. 15, 2017),  https://www.lunavi.com/blog/legal-battles-over-local-data-why-your-cloud-location-matters.

[15] P.S. Berman, Legal Jurisdiction and the Deterritorialization of Data, 71 VAND. L. REV. 11, 12 (2018).

[16] Id.

[17] Mary Zhang, Apple’s Data Centers: Enabling Growth in Services, Dgtl Infra (Sept. 15, 2022), https://dgtlinfra.com/appledatacenterlocations/#:~:text=In%20the%20United%20States%2C%20Apple,Oregon%3B%20and%20Newark%2C%220California.

[18] Id.

[19] Celeste & Fabbrini, supra note 9, at 44; See also Quentin Hardy, Where Does Cloud Storage Really Reside? And Is It Secure?, New York Times(Jan. 23, 2017), https://www.nytimes.com/2017/01/23/insider/where-does-cloud-storage-really-reside-and-is-it-secure.html.

[20] Celeste & Fabbrini, supra note 9, at 45-46.