Data sovereignty and the Cloud – a structured bibliography


A structured bibliography is provided to assist research into the late-2013 status of cloud and data sovereignty (or “digital protectionism”) policy discussions in Australia and elsewhere.

This set of references includes documents assisting understanding of the late-2013 status of cloud and data sovereignty (or “digital protectionism”) policy discussions in Australia. Material from the US, EU and other countries is necessarily less complete than that from Australia. Some online material may require registration or subscription. Links were active in October 2013.

1. Articles, books, papers

Aaronson, Susan. “Internet Governance or Internet Control? How to Safeguard Internet Freedom.” Cicero Foundation Great Debate, no. 13 (2013). Available at:

Aaronson, Susan and Maxim, Rob. “Data Protection and Digital Trade in the Wake of the NSA Revelations.” Intereconomics Volume 48, Number 5, September/October 2013. Available at:

Aaronson, Susan and Townes M.D. “Can Trade Policy Set Information Free? Trade Agreements, Internet Governance, and Internet Freedom”, December 2012. Available at:

Ahn, Gail-Joon, James Joshi and Hassan Takabi. ‘Security and Privacy Challenges in Cloud Computing Environments.’ (2010) Security & Privacy, IEEE 8(6): 24-31.

Albeshri, Aiiad, Colin Boyd and Juan Conzalez Nieto. “GeoProof: Proofs of Geographic Location for Cloud Computing Environment. ” International Conference on Distributed Computing Systems Workshops (2012).

Angelo, Lisa. ‘Exploring Legal Issues at High Altitudes: The Law in the Cloud.’(2012) International Trade Law Journal 20(1): 39.|contract&type=matchall

Asghar, Muhammad Rizwan, Mihaela Ion et al. “Securing Data Provenance in the Cloud.” In Open Problems in Network Security, edited by Jane Camenisch & Dogan Kesdogan, 145-161. Lucerne, Switzerland: iiNetSec, 2011.

Australian Communications Consumer Action Network. “Data Breach Notifications: Submission by the Australian Communications Consumer Action Network to the Attorney-General’s Department.” ACCAN (2012). Available at:

Badger, Lee, Tim Grance, Robert Patt-Corner and Jeff Voas. “Cloud Computing Synopsis and Recommendations.” National Institute of Standards & Technology, Special Publication 800-146 (2012).

Bamiah MA and SN Brohi. “Exploring the Cloud Deployment and Service Delivery Models.” International Journal of Research and Reviews in Information Sciences, Vol. 1, No. 3 (2011). Available at: IJRRIS/article/download/165/156

Barwick, Hamish. “Data sovereignty still misunderstood in Australia: Microsoft.” Computerworld, September 18, 2012. Available at:

Barwick, Hamish. “Navigating the cloud security minefield.” CIO, September 5, 2012. Available at:

Bashir, M., J. P. Kesan, C. M. Hayes, R. Zielinski, “Privacy in the Cloud: Going Beyond the Contractarian Paradigm”, University of Illinois, 2011. Available at: 2011.pdf

Bell, S. “Don’t Fear the Patriot Act says Microsoft Lawyer.” Computerworld NZ, September 27, 2011. Available at:

Bender, Adam. “Australian Government Releases Big Data Issues Paper.” CIO Magazine, March 18, 2013. Available at:

Bierce & Kenerson, P.C. “Cybersecurity: An Issue for Both Tech Service Providers and Clients, especially for Cloud, Mobil and Social Computing and the Internet of Things.” Outsourcing-Law, November 12, 2012. Available at:

Bleich, Jeffrey. “Cloud agreement can bring blue skies.” The Age, December 11, 2012. Available at:

Bradshaw, Simon, Millard, Christopher and Walden, Ian. "Contracts for clouds: comparison and analysis of the Terms and Conditions of cloud computing services." Queen Mary School of Law Legal Studies Research Paper, no 63 (2010). Available at:

Bray, Oliver and Fiona Wilson. ‘EU Data Protection Regulators and Cloud Computing Contracts.’ (2013) Journal of Internet Law 16(8): 18-20. Available at:

Burman, Kendall. “Comparison Chart: Information Sharing, Monitoring & Countermeasures Provisions in the Cybersecurity Bills.” Centre for Democracy & Technology, July 30, 2012. Available at:

Burr, Beckwith. “The Electronic Communications Privacy Act of 1986: Principles of Reform.Digital Due Process Coalition, 2010. Available at:

Calloway, Timothy J. ‘Cloud Computing, Clickwrap Agreements, and Limitation on Liability Clauses: A Perfect Storm?’ (2012) Duke Law & Technology Review 11(1): 163-174. Available at:|contract&type=matchall#163.

Carnabuci, Connie. ‘The long arm of the USA Patriot Act: tips for Australian businesses selecting data service providers’, Freshfields Bruckhaus Deringer for Macquarie Telecom, November 2011. Available at: or

Carnabuci, Connie and Heather Tropman. ‘Whitepaper: The Cloud and US Cross-Border Risks.’ Macquarie Telecom and Freshfields Bruckhaus Deringer. October 2011. Available at:

Cate, Fred H. “The Vanishing Fourth Amendment,” BNA Privacy and Security Law Report 1875, no. 6 (2007).

Cate, Fred H, and Eisenhauer, Margaret. “Between a Rock and Hard Place: The Conflict Between European Data Protection Laws and U.S. Civil Litigation Document Production Requirements,” BNA Privacy and Security Law Report 229, no. 6 (2007).

Celestine, Carole M. ‘”Cloudy” Skies, Bright Futures? In Defense of a Private Regulatory Scheme for Policing Cloud Computing.’ University of Illinois Journal of Law, Technology & Policy 2013(1): 141-164. Available at:|contract&type=matchall#147

Chen, Deyan. ‘Data Security and Privacy Protection Issues in Cloud Computing.’ IEEE, 2012 International Conference on Computer Science and Electronics Engineering 1. Available at:

Christensen, Laurits and Etro, Federico. “Big Data, the Cloud and the EU Regulation on Data Protection” Intereconomics Volume 48, Number 5, September 2013. Available at:

Clark, Trevor. “The fog of law and cloud computing.” Sydney Morning Herald, February 18, 2013. Available at:

Cochrane, Nate. “What will you do when the US comes for you?” Sydney Morning Herald SMH, January 26, 2012. Available at:

Cohn, Cindy, Samuels, Julie. “Megaupload and the Government's Attack on Cloud Computing.” Electronic Frontiers Foundation, October 31, 2012. Available at:

Condliffe, Jamie. “TPP: The Biggest Global Threat to the Internet since ACTA.” Gizmodo Australia, May 1, 2013. Available at:

Connolly, Chris. “US safe harbor – fact or fiction?” Privacy Laws & Business International 96 (2008): 26-27. Available at:

Connolly, Chris, Vaile, David. “Drowning in Codes of Conduct: An Analysis of Codes of Conduct Applying to Online Activity in Australia.” Cyberspace Law and Policy Centre, UNSW Faculty of Law Research Series [2013] UNSWLRS 23. Available at: or

Crozier, Ry. “DFAT keeps Australians in dark on TPP Stance.” IT News, 16 April, 2013.,dfat-keeps-australians-in-dark-on-tpp-stance.aspx

Cowan, Paris. ‘NSW Government Cloud Computing Policy Due this Year.’ Intermedium, 25 March 2013. Available at:

De Filippi, Primavera, McCarthy, Smari. “Cloud Computing: Centralization and Data Sovereignty.” European Journal of Law and Technology 3, no. 2 (2012): 1-21. Available at:

De Filippi, Primavera, Porcedda, Maria. “Privacy Belts on the Innovation Highway.” Paper presented at Internet, Politics, Policy 2012, Oxford Internet Institute, 21-22 September 2012. Available at:

Dent, Georgia. “Patriot Missile Incoming.” BRW, 12 April, 2012. Available at:

Dix, Alexander (Berlin Commissioner for Data Protection and Freedom of Information). “The Commission's Data Protection Reform After Snowden's Summer” Intereconomics Volume 48, Number 5, September/October 2013. Available at:

Doyle, C., “National Security Letters in Foreign Intelligence Investigations: Legal Background and Recent Amendments”, Congressional Research Service, 8 September, 2009.

Emerson, Craig (Trade Minister). “Australia welcomes Japan to Trans-Pacific Partnership negotiations.” Media release, Australian Government, 21 April 2013. Available at:

Filippi, Primavera De and Smari McCarthy. ‘Cloud Computing: Centralization and Data Sovereignty.’ (2012) European Journal of Law and Technology 3(2). Available at:

Fleming, Jeremy. “US makes first public comment over draft EU data privacy law.” EurActiv, 29 April, 2013. Available at:

Forsheit, Tanya L. “E-Discovery Involving Cloud Facilities.” Practicing Law Institute/PAT 157, no. 12 (2010): 159-168.

Foo, Fran. “E-health supplier link to data fears.” The Australian, 13 November 2012. Available at:

Fossoul, Nicolas. “Does the USA PATRIOT Act Give U.S. Government Access to E.U. Citizens' Personal Data Stored in the Cloud in Violation of the E.U. Law?” paper for University of Tilburg L.L.M. Law & Technology, 2012. Available at:

Garon, Jon M., ‘Navigating Through the Cloud – Legal and Regulatory Management for Software as a Service’ (Working Paper, NKU Chas Law & Information Institute, 11 October 2011). Available at:

Geist, Michael & Homsi, M., “The Long Arm of the USA Patriot Act: A Threat to Canadian Privacy?” submission on the USA Patriot Act to B.C. Information and Privacy Commissioner”, July 2004. Available at:

Gellman, Barton, and Poitras, Laura. “Documents: U.S. mining data from 9 leading Internet firms; companies deny knowledge.” Washington Post, 7 June 2013. Available at: (See also Washington Post and New York Times for further stories from same authors arising from the same material.)

Gewirtz, D. “Security implications of public vs. private clouds,” ZDnet, 22 April 2013. Available at:

Gilbert, Francoise. “Cloud Service Contracts May Be Fluffy: Selected Legal Issues to Consider Before Taking Off.” Journal of Internet Law 17 (2010).

Gillies, Stephen. “Cloud providers and data sovereignty issues.” Search Security, 11 August 2011. Available at:

Gold, Joshua, ‘Protection in the Cloud: Risk management and insurance for cloud computing’ (2012) 15(3) Journal of Internet Law 23.

Greenwald, Glenn, and Ewen MacAskill. “NSA taps in to internet giants' systems to mine user data, secret files reveal.” The Guardian, 7 June 2013. Available at: (see also ‘NSA’ tag at The Guardian for further stories from the same authors arising from the same material)

Groß, Stephan, and Alexander Schill. ‘Towards User-Centric Data Governance and Control in the Cloud,Open Problems in Network Security, IFIP WG 11.4 International Workshop, iNetSec 2011, Lucerne, Switzerland, June 9, 2011, Revised Selected Papers, pp 145-160. Available at:

Grubb, B. “Hackers publish AAPT data in protest over web spy plan.” SMH, 30 July 2012. Available at:

Hafizah, Osman. “Cloud becoming a business process service delivery model: IDC.” ARN, 31 January 2013. Available at: cloud_becoming_business_process_service_delivery_model_idc/

Hart, Nick and Mark Vincent. ‘Legal issues in the Cloud – Part 1.’ CIO. 8 April 2011. Available at:

Hon, W Kuan, Christopher Millard and Ian Walden. “UK G-Cloud v1 and the impact on cloud contracts - Part I.” (2012) 17 Communications Law Review 3: 78, Queen Mary School of Law Legal Studies Research Paper No. 115/2012. Available at:

Hon, W. Kuan, Christopher Millard and Ian Walden, ‘Negotiating Cloud Contracts: Looking at Clouds from Both Sides Now’ (2012) 16 Stanford Technology Law Review 81. Available at:

Hutchinson, James. “Amazon cloud entry poses legal concerns to business.” Australian Financial Review, 13 November 2012. Available at:

Hutchinson, James, and Ramli, David. “US Surveillance Threatens Confidence in Cloud Computing” Australian Financial Review, 11 June 2013. Available at:

Irion, Kristina. “Government Cloud Computing and the Policies of Data Sovereignty,” Policy & Internet 3 (2012): 40. Available at:

Keane Bernard. "Protectionism, free trade and security up in the cloud.” Crikey, 12 December 2012. Available at:

Kerr, Orin. “A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It,” George Washington Law Review 72 (2004. Available at:

Kerr, Orin. “Applying the Fourth Amendment to the Internet: A General Approach,” Stanford L Rev 62, no. 4 (2010): 1005-1050. Available at:

Kessler, David et al. “Is Personal Data Located Outside the United States’ Not Reasonably Discoverable?” PVLR 7 (2008): 1356

Kneller D. “Data Security Breaches on the Rise: How to Effectively Deal with this New Risk,” International Law Bulletin (2011): 76-78

Kshetri, N. "Cloud Computing in Developing Economies," Computer 43, no.10 (2010): 47-55. Available at:

Lanois, Paul. ‘Privacy in the age of the cloud’ (2011) 15(6) Journal of Internet Law 3.

Lee, Jane. “Million-dollar fines set for privacy breaches.” Sydney Morning Herald, 30 November 2012. Available at:

Lele, Vishwas. “20 Things That May Be ‘Clouding’ Your Choice About the Cloud But Shouldn’t.” Applied Information Sciences, 28 March 2012. Available at:

Lynch, Andrew, and George Williams. What Price security? Taking Stock of Australia’s Anti-Terrorism Laws. Sydney, NSW: University of New South Wales Press, 2006

Mackie, Mary Leigh. "Discovering the Cloud's Silver Lining." KM World, 2 November, 2012. Available at: (registration required)

MacLeod, Ian. “Cloud computing law puts Canadian users at risk of snooping by American spies.” The Ottawa Citizen, 2 February 2013. Available at:

Marston, Sean et al. “Cloud computing – The business perspective,” Decision Support Systems 51, no. 1 (2011): 176-189. Available at:

Maurushat, Alana. “Data Breach Notification Law Across the World from California to Australia,” Privacy Law and Business International February 2009, and [2009] UNSWLRS 11. Available at: and

Maxwell, Winston and Christopher Wolf, ‘A Global Reality: Governmental Access to Data in the Cloud – A comparative analysis of ten international jurisdictions (Governmental access to data stored in the Cloud, including cross-border access, exists in every jurisdiction)’, Hogan Lovells July 2012. Available at:

McDonald, Steve. “Legal and Quasi-Legal Issues in Cloud Computing Contracts”, EDUCAUSE and NACUBO Workshop on Cloud Computing and Shared Services, Tempe, Arizona, 8-10 February 2010. Available at:

McKendrick, Joe. ‘5 Ways to take the opaqueness out of cloud contracts.’ ZDNet. 4 August 2013. Available at:

McNicholas, Edward R. “National Security Letters: Practical Advice for Understanding and Handling Exceptional Requests,” 8 PVLR 13 (2009). Available at:

Mell, P, Grance, T. The NIST Definition of Cloud Computing. Recommendations of the National Institute of Standards and Technology (NIST), Special Publication 800–145 (January 2011). Available at:

Metri, P, G Sarote. “Privacy Issues and Challenges in Cloud Computing,” International Journal of Advanced Engineering Sciences and Technologies 5 (2011): 1-6. Available at:

Michaelsen, Christopher. "Reforming Australia's National Security Laws: The Case for a Proportionality-Based Approach," University of Tasmania Law Review 31 (2010). Available at:

Morris, Chris/IDC, Asia/Pacific (Excluding Japan) Cloud Services and Technologies End-User Survey, 2011, IDC, November 2012.

M Law Group. “New Draft European Data Protection Regime.” M Law M Patent Group, 2 February 2012. Available at:

Nicholls, Matthew and Alex Maschmedt. “Transborder Dataflows and Jurisdictional Issues in the Cloud – Australia.” 2 May 2012. Available at:

Nielsen, Nikolaj. “The man behind the EU Parliament’s data regulation.” EU Observer, 6 May 2013.

Pavolotsky, John. “Cloud Services and Information Security: The Public vs. Private Service Provider Debate.,” New Matter 37, no.1 (2012): 32-35. Available at:

Peterson, Zachary et al. “A position paper on data sovereignty: The importance of geolocating data in the cloud.” Paper presented at Hotcloud 11, Portland, Oregon, June 14, 2011. Available at:

Pham, Cindy. ‘E-Discovery in the Cloud Era: What’s a Litigant to do?’ (2013) Hastings Science and Technology Law Journal 5(1): 139-190. Available at:|contract&type=matchall

Pryce, Jeffrey F. “The Globalization of Electronic Evidence Gathering: U.S. Joins Council of Europe Convention on Cybercrime,” PVLR 5: 1450 (2006)

Reed, Chris. “Information ‘Ownership’ in the Cloud,” Queen Mary School of Law Legal Studies Research Paper No. 45 (2010). Available at:

Reed, Chris. ‘Information 'Ownership' in the Cloud’, Legal Studies Research Paper No. 45/2010, Queen Mary School of Law, 2 March 2010. Available at:

Roach K. “The Eroding Distinction Between Intelligence and Evidence in Terrorism Investigations.” Counter-Terrorism and Beyond - The Culture of Law and Justice After 9/11, eds. Andrew Lynch, Nicola McGarrity, George Williams (Sydney: Routledge, 2010)

Robinson, Frances. “U.S. to EU: U.S. Data Law Is Brill.” Wall Street Journal, 19 April 2013. Available at:

Ryan, W, Michael and Christopher Loeffler. “Insights into Cloud Computing,” Intellectual Property & Technology Journal 22 no. 11 (2011)

Sandeen, Sharon K., ‘Lost in the Cloud? The Implications of Cloud Computing for Trade Secret Protection’, 4 April 2012. Available at: (working paper - contact author for current version)

Schneier, Bruce. “What We Don't Know About Spying on Citizens: Scarier Than What We Know.” The Atlantic, 6 June 2013. Available at: (See also, particularly ‘Crypto-Gram’, for further commentary on similar issues published elsewhere.)

Soma, John, Melody Mosley Gates, Maury Nichols and Ana Gutiérrez. “Chasing the Clouds Without Getting Drenched: A Call for Fair Practices in Cloud Computing Services” Journal of Technology Law & Policy (2011) 16. Available at:

Srinivasan, Madhan Kumar et al. “State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment.” Paper at International Conference on Advances in Computing, Communications and Informatics, Chenai, India, 5 August 2012. Available at:

[staff writer] “USTR Flags Procurement, Data Flow Issues as New Barriers in Canada.” Inside Trade, 27 April 2012. Available at:

Tufts, Shannon H. ‘Cloud Computing: Contracting Considerations for Inclusion.’ 2012. University of North Carolina. Available at:

Tyson, Laura J. "A Break in the Internet Privacy Chain: How Law Enforcement Connects Content to Non-Content to Discover an Internet User's Identity," (2010) Seton Hall Law Review: Vol. 40: Iss. 3, Article 14. Available at:

Van Hoboken, Dr. J. A. Arnbak, Prof. N van Eijk, N. Kruijsen. “Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act.” Institute for Information Law (2012). Available at:

Walden, Ian and Luciano, Laise Da Correggio. “Ensuring Competition in the Clouds: The Role of Competition Law?” 7 April 2011. Available at:

Ward, Burke T, Janice C. Sipior. “The Internet Jurisdiction Risk of Cloud Computing.” Information Systems Management 27 no. 4 (2010)

Wainewright, Phil. “Data Protectionism Threatens the Cloud.” Connected Web Blog, February 12, 2009. Available at:

Whittaker, Z. “Microsoft admits Patriot Act can access EU-based cloud data.” ZDNet, June 28, 2011. Available at:

Whittaker, Z. “Patriot Act can obtain data in Europe, researchers say.” CNET, December 6, 2012. Available at:

Whittaker, Z. “USA PATRIOT Act: The myth of a secure European cloud?” ZDnet, 27 April 2011. Available at:

Winterford, Brett. ‘The Best and Worst of Cloud Contracts.’ ITNews. 8 March 2013. Available at:,the-best-and-worst-of-cloud-contracts.aspx

Zhang, Gaofeng. ‘A novel noise obfuscation model and its strategies for effective and efficient privacy protection in cloud computing.’ PhD thesis. Swinburne University of Technology, Faculty of Information and Communication Technologies. 2013. Available at:

2. Government materials


Attorney-General’s Department (AGD). Protective Security Policy Framework, Directive on the security of Government business Governance arrangements, and Core Personnel, Information and Physical Security Management policies. By the Australian Government Document no. 1.5. Canberra, 2012. Available at:

Australian Government Information Management Office (AGIMO). Cloud Computing Strategic Direction Paper: Opportunity and Applicability for use by the Australian Government. By the Department of Finance and Deregulation Document no. 1.1. Australian Capital Territory, 2013. Available at:

Australian Government Information Management Office (AGIMO). Cloud Computing Policy and Cloud Computing Strategic Direction - Agency Cloud Implementation Initiative, Circular. By the Department of Finance and Deregulation, Document no. 2011/003. Canberra, 2011. Available at:

Australian Government Information Management Office (AGIMO). Community Cloud Governance – An Australian Government Perspective (Better Practice Guide). By the Department of Finance and Deregulation. Canberra, 2012. Available at: (PDF link broken); (draft available at:

Australian Government Information Management Office (AGIMO). Negotiating the cloud – legal issues in cloud computing agreements: Better Practice Guide, Department of Finance and Deregulation. Department of Finance and Deregulation. Document no. 1.1. Canberra, 2013. Available at:

Australian Government Information Management Office (AGIMO). Big Data issues Paper. Department of Finance and Deregulation. Canberra, 2013. Available at:

Australian Prudential Regulation Authority (APRA). Guidelines, “Outsourcing and Offshoring: Specific considerations when using cloud computing services,” Canberra, 15 November 2010. Available at:

Australian Signals Directorate (ASD). Australian Government Information Security Manual: Principles. By the Department of Defence. Canberra, September 2012. Available at:

Australian Signals Directorate (ASD). Cloud Computing Security Considerations. By the Department of Defence. Canberra, September 2012. Available at:

Commonwealth of Australia Attorney Generals Department (AGD). Discussion Paper: Australian Privacy Breach Notification. By the Australian Government. Canberra, 2012. Available at:

Computer Emergency Response Team (CERT) and the Centre for Internet Safety (CIS). Cyber Crime and Security Survey Report. Australian Government. Canberra, 2013. Available at: Crime and Security Survey Report 2012.pdf

Department of Broadband, Communications and the Digital Economy (DBCDE). National Cloud Computing Strategy. Australian Government. Canberra, 2013. Available at:

NSW Government ICT Board. “Communiqué after board meeting of 27 February.” NSW Government. 27 February 2013. Available at:

Office of the Australian Information Commissioner (OAIC). “Guide to Handling Personal Information Security Breaches.” OAIC. Sydney, 2012. Available at:

Office of the Australian Information Commissioner, Timothy Pilgrim, Privacy Commissioner. “Submission to AGD, Discussion Paper: Australian Privacy Breach Notification.” Office of the Australian Information Commissioner. Sydney, 2012. Available at:

Office of the Federal Privacy Commissioner. “Information Sheet (Private Sector) 1A: National Privacy Principles.” OAIC. Sydney, February 2008. Available at:

Office of the Federal Privacy Commissioner, Timothy Pilgrim, Privacy Commissioner. ‘Privacy and the Cloud’, speech to Cloud Computing Conference and Expo. 2010. Available at:

Office of the SA Chief Information Officer. “ISMF Guideline 8 (Cloud Computing)’, Government of South Australia.” Government of South Australia. 2011. Available at:

Office of the Victorian Privacy Commissioner. “Forecast: Cloudy but fine? Privacy Risks and Potential Benefits in the Cloud.” Government of Victoria. 2012. Available at:$file/speech_bendall_03_12.pdf


Department of Commerce. “Clarifications Regarding the US EU Safe Harbor Framework and Cloud computing.” (2013). Available at:

Department of Justice (DoJ), “Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations” (2009). Available at:

Federal Trade Commission (FTC) Privacy Online: Fair Information Practices in the Electronic Marketplace. Washington, May 2000. Available at:

Ronald Weich, letter to the Honourable Harry Reid, Washington DC, 29 April 2011, Federation of American Scientists, Foreign Intelligence Surveillance Act (FISA) Report. Available at:

Grance, Timothy and Jansen, Wayne. 2011. ‘Guidelines on Security and Privacy in Public Cloud Computing.’ National Institute of Standards and Technology (NIST). Special Publication 800-144. Available at:

Holder, E and Reding, V. “Joint Statement on the Negotiation of a EU-U.S. Data Privacy and Protection Agreement by Attorney General Eric Holder and European Commission Vice-President Viviane Reding.”, June 2012. Available at:

Office of the Inspector General, US Department of Justice, Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act, February 2010. Available at:

Salgado, Richard (senior counsel, Law Enforcement and Information Security, Google Inc.) Testimony to House Judiciary Subcommittee on the Constitution, Civil Rights and Civil Liberties, Hearing on Electronic Communications Privacy Act Reform, May 5, 2010.

White House. Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, February 2012. Available at:


House of Commons Subcommittee on the Treasury, Submission from Privacy International, “How secure is the personal information of UK citizens in light of the USA PATRIOT Act and the limited privacy protections of the United States?”, 28 February 2008.

Information Commissioner's Office, Guidance on the Use of Cloud Computing, September 2012. Available at:


European Commission

EC Article 29 Data Protection Working Party, ‘Opinion 05/2012 on Cloud Computing’ (2012), 01037/12/EN WP 196. Available at:

EC Working Party 29, “Opinion 10/2006 on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT)”, 2006. Available at:

EC Working Party 29, “Opinion 1/2006 on the application of the EU data protection rules to internal whistle blowing schemes in the fields of accounting, internal accounting controls, auditing matters, fight against, banking and financial crime”, 2006. Available at:

EC Working Party 29, “FAQs in order to address some issues raised by the entry into force of the EU Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC“, 12 July 2010, 00070/2010/EN WP 176. Available at:

EC Directorate-General for Internal Policies, Policy Department A: Economic and Scientific Policy, Cloud Computing Study (2012). Available at:

EC Directorate-General for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, Fighting cyber crime and protecting privacy in the cloud: Study, 2012. Available at:

EC Directorate-General for Justice, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century, COM/2012/09 final, 25 January 2012. Available at: (See ‘5. Data protection in a globalised world’ for impact on hosting EU data outside EU.)

EC Directorate-General for Justice, ‘Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses,’ media release, 25 February 2012. Available at:

Robinson, Neil, Lorenzo Valeri, Jonathan Cave, Tony Starkely, Hans Graux, Sadie Creese and Paul P. Hopkins, ‘The Cloud: Understanding the Security, Privacy and Trust Challenges’, Final Report, Prepared for Unit F.5, Directorate-General Information Society and Media, European Commission (2010), TR-933-EC. Available at:

European Parliament

Alleweldt, Dr Frank and Dr Senda Kara (Directors), Anna Fielder (lead author and coordination), Ian Brown, Verena Weber, Nicholas McSpedden-Brown, Cloud Computing Study, Directorate General For Internal Policies, Policy Department A: Economic And Scientific Policy, European Parliament, IP/A/IMCO/ST/2011-18, May 2012. Available at:

European Network and Information Security Agency (ENISA)

Catteddu, D and Giles Hogben (eds): Cloud Computing – Benefits, risks and recommendations for information security, ENISA Report, European Network and Information Security Agency. November 2009. Available at:

Catteddu, D (ed): Security and Resilience in Governmental Clouds – Making an informed decision. ENISA Report, ENISA. January 2011. Available at:

Dekker, M, Critical Cloud Computing: A CIIP perspective on cloud computing services, ENISA. December 2012. Available at:

Hogben, G, and M Dekker (eds), Procure Secure: A guide to monitoring of security service levels in cloud contracts, ENISA. April 2012. Available at:


Information & Privacy Commissioner Report for British Columbia, “Privacy and the USA Patriot Act Implications for British Columbia Public Sector Outsourcing”, 2004. Available at:

3. Legislation and directives


Anti-Terrorism Act (No. 2) 2005 (Cth). Available at: or

Archives Act 1983 (Cth). Available at: or

Australian Consumer Law, in Trade Practices Amendment (Australian Consumer Law) Act (No. 1) 2010 (Cth), Schedule 1. Available at:

Australian Security Intelligence Organisation Act 1979 (the ASIO Act) (Cth). Available at:

Crimes Act 1914 (Cth). Available at:

Criminal Code Act 1995 (Cth). Available at:

Cybercrime Legislation Amendment Act 2012 (Cth), ‘An Act to implement the Council of Europe Convention on Cybercrime, and for other purposes’, Schedule 2. Available at: or

Defence Act 1903 (Cth). Available at:

Freedom of Information Act 1982 (Cth). Available at:

Income Tax Assessment Act 1936 (Cth). Available at:

Intelligence Services Act 2001 (Cth). Available at:

National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth). Available at:

Personally Controlled Electronic Health Records Act 2012 (Cth). Available at:

Privacy Act 1988 (Cth), at: National Privacy Principles 4 (Data Security) and 9 (Transborder Data Flows) of personal information. Available at:

Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). Available at: or Bills Digest for the Bill. Available at:

Privacy Amendment (Privacy Alerts) Bill 2013 (Cth) introduced 29 May 2013. Available at:

Public Service Act 1999 (Cth). Available at:

Social Security Act 1991 (Cth). Available at: ]


Cable Communications Policy Act of 1984, Protection of subscriber privacy (47 U.S.C. § 551). Available at:, or

Children's Online Privacy Protection Act of 1998, (15 U.S.C. §§ 6501–6506) (COPPA). Available at:

Communications Assistance for Law Enforcement Act of 2006 (CALEA). Available at: See also Ask CALEA,

CISPA Bill: Cyber Intelligence Sharing and Protection Act (CISPA), (H.R. 624), most recent version 18 April 2013. Available at:

Electronic Communications Privacy Act of 1986 (ECPA) (18 U.S.C. 121) Pub. L. 99-508, 100 Stat. 1848, approved October 21, 1986. Available at:

Executive Order 1636, ‘Improving Critical Infrastructure Cybersecurity’, Federal Register 78, no. 33 (February 19, 2013): 11737–11744. See also CRS commentary. Available at:

Fair Credit Reporting Act of 1970, Pub. L. 91-508, 84 Stat. 1114, approved October 26, 1970. Available at:

Foreign Intelligence Surveillance Act of 1978 (FISA), Pub.L. 95-511, 92 Stat. 1783, approved October 25, 1978. Available at:

Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, Pub L 110-261, 7/10/2008, especially s 1881a. Available at: or

Fourth Amendment of the US Constitution. Available at:

Gramm-Leach-Bliley Act (15 U.S.C. § 6802). Available at:

Health Insurance Portability and Accountability Act of 1996 (HIPAA). Available at:

Intelligence Reform and Terrorism Prevention Act of 2004, Pub. L. 108-458, 118 Stat. 3638, approved December 17, 2004.

Internal Revenue Service Rules (26 U.S.C. § 6713)

National Security Act of 1947, Pub. L. 80-253, 61 Stat. 495, approved July 26, 1947. Available at:

National Security Letter Statute (18 U.S.C. § 2709). Available at:

PATRIOT Sunsets Extension Act of 2011, Pub. L. No. 112-14, 125 stat. 216, approved May 26, 2011. Available at:

Protect America Act of 2007 Pub.L. 110–55, 121 Stat. 552, enacted by S. 1927, approved 5 August 2007. Available at: [removed warrant requirements from FISA for targets reasonably believed to be outside US, re-authorised by FISA Amdt Act of 2008 and again in 2012]

Right to Financial Privacy Act of 1978, Pub. L. 95-630, 92 Stat. 3697, approved November 10, 1978. Available at:

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT Act) of 2001, Pub. L. No. 107-56 [H.R. 3162], 115 Stat. 272, approved October 26, 2001.. Available at:

USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. L. No. 109-177, 120 stat. 192, approved March 9, 2006. Available at: usa_patriot_improvement_and_reauthorization_act_of_2005

US Federal Rules of Civil Procedure. Available at:

Video Privacy Protection Act of 1998 (18 U.S.C. § 2710). Available at:

Violence Against Women Act of 1994, amended February 2013. Available at:


Personal Information Protection and Electronic Documents Act 2000, S.C. 2000, c. 5. Available at:


Data Protection Directive (95/46/EC), ‘Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data’. Available at:

Data Retention Directive (2006/24/EC) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, O.J. L 105, April 13, 2006

Directive on privacy and electronic communications (2002/58/EC) (as revised by 2009/136/EC), a.k.a. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector. Available at:
Amending document 2009/136/EC.

General Data Protection Regulation, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, January 25, 2012. Available at:

4. Conventions, treaties and international agreements

Agreement on mutual legal assistance between the European Union and the United States of America, O.J. L 19 July 2003. Available at:

Agreement of the 23rd July 2007 between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS), O.J. L August 4, 2007. Available at:

Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program, Council Decision 2010/412/EU, O.J. L 195, July 27, 2010. Available at: 32010D0412:EN:NOT

Australia-US Free Trade Agreement [2005] ATS 1, Washington 18 May 2004, entry into force 1 January 2005. Available at: or

Convention on Cybercrime, Council of Europe, CETS 185. Available at:

Convention for the Protection of Human Rights and Fundamental Freedoms, November 4, 1950, ETS No. 2; 213 UNTS 222.

Treaty between the Government of Australia and the Government of the United States of America on Mutual Assistance in Criminal Matters, and Exchange of Notes, [1999] ATS 19, entry into force 30 September 1999 (‘Mutual Legal Assistance Treaty’). Available at:

5. Cases, rulings and decisions

John Doe Inc., et al. v. Mukasey, et al., Docket 07-4943-cv, December 15, 2008. Available at:

EU Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbour privacy principles and related frequently asked questions issued by the US, 2000, O.J. L 215/7.

EU Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC, 4 April 2001, 2001/497/EC: OJ L 181/19 (notified under document number C(2001) 1539). Available at:

EU Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, 2010, 2010/87/EU, O.J. L39/5. Available at:

Freedman v. Am. Online, Inc., 303 F. Supp. 2d 121 (D. Conn. 2004), at 126. [statutory warrants]

Gonzales v. Google, Inc., 234 F.R.D. 674 (N.D.Cal, 2006). Available at:

In re National Security Letter, Docket C 11-02173 SI, US DC Northern District California, Order Granting Petition to Set Aside NSL, 15 March 2013. Available at: (See also Zimmerman M, ‘In Depth: The District Court's Remarkable Order Striking Down the NSL Statute’, EFF, 18 March 2013. Available at:

In re Uranium Antitrust Litigation, 480 F. Supp. 1138, 1144 (N.D. Ill. 1979). Available at:

Lawson v. Accusearch Inc., (F.C.), 2007 FC 125, [2007] 4 F.C.R. 314, Canada, February 5 2007, Docket:T-2228-05. Available at:

Lukowski v. County of Seneca, W.D.N.Y., No. 08-CV-6098 (Feb. 24, 2009); see ‘Privacy Interest in ISP-Stored Identifying Data Held to Depend on Terms of Service’, 8 PVLR 397 (Mar. 9, 2009). Available at:

Rehberg v. Paulk, No. 10–788, 611 F. 3d 828, 132 S. Ct. (April 11, 2012. Available at:
[confirming a “complaining official” has absolute immunity from damages for false testimony].

Quon v. Arch Wireless, 529 F.3d 892 (9th Cir. 2008); and City of Ontario v. Quon, No. 08-1332, 130 S.Ct. 2619, 560 U.S. (17 June 2010). Available at: See also "Reasonable Expectation of Privacy: City of Ontario v. Quon", Harvard Law Review 124 (1): 179–188. Available at: vol_12401city_ontario_v_quon.pdf [SC declines to set precedent on application of 4th Amdt to email/pager, found no privacy breach on facts]

Swedish Data Inspection Board, 10 June 2013, Supervision of Personal Data Act (1998:204) - Follow-up decision in Case 263-2011. Available at: 2013/fortsatt-nej-for-kommun-att-anvanda-molntjanst/. See also commentary at: blog/incision/swedens-data-protection-authority-bans-google-apps/

Warshak v U.S., 490 F.3d 455 (6th Cir. 2007). Available at:

Worldwide Film Entertainment LLC v. Does 1-749, DDC, No. 10-38 (May 17, 2010). Available at: See also commentary ‘Web user lacked privacy interest in account data’, 9 PVLR 768 (May 24, 2010).

U.S. v. Ahrndt, No. 08-468, 2010 WL 373994, 2010 U.S. Dist. LEXIS 7821, (D. Or. Jan. 28, 2010). Available at: See also ‘No Fourth Amendment, ECPA Privacy Claims in Documents Shared on Unsecured Network’, 9 PVLR 257 (Feb. 15, 2010).

U.S. v. Bynum, No. 08-4207, 4th Cir. (May 5, 2010). Available at: See also ‘Yahoo! User Lacked Privacy Expectation in Account Data Shared with Yahoo!, Others,’ 9 PVLR 707 (May 17, 2010).

U.S. v. Perrine, 518 F.3d 1196 (10th Cir. March 11 2008) No. 06-3336. Available at: See also ‘Tenth Circuit Finds no Expectation of Privacy in Data Given Freely to ISP’, 7 PVLR 418 (Mar. 24, 2008).

U.S. v. Li, No. 07-CR-2915, 2008 U.S. Dist. LEXIS 22283, (S.D. Cal. Mar. 20, 2008); see also ‘No SCA Reasonable Privacy Expectation for ISP Customer IP Address, Log-In Data’, 7 PVLR 501 (Apr. 7, 2008).

6. Industry reports and policy documents

Business Software Alliance. Lockout: How a New Wave of trade Protectionism Is Spreading through the World’s Fastest-Growing It Markets — and What to Do about It, June 2012. Available at: See also

Business Software Alliance. BSA Global Cloud Computing Scorecard 2013. Available at:

Capgemini. “Business Cloud: The State of Play Shifts Rapidly: Fresh Insights into Cloud Adoption Trends,” November 2012. Available at:

Citi Research. Cloud Computing – a two part series, Part 1: Overview, Drivers and Service Types, November 2012; Part 2: Market Sizing, Barriers, Value Network and Outlook, December 2012, Citigroup Global Markets.

Continuity Central. ‘Cloud contracts need more transparency to assist availability, recovery and data protection management.’ 2 August 2013. Available at:

Frost & Sullivan. Australian Contact Centre Market 2012. See also

Heiser, Jay and Bona, Alexa. “Cloud Contracts Need Security Service Levels to Better Manage Risk,” Gartner Research, 15 March 2013. Summary and link available at:

GeoTrust. ‘Choosing a Cloud Provider with Confidence’. 2011. Available at:

Klein, Paula. ‘A CIO’s Guide to Negotiating Cloud Contracts’, Microsoft Services. Available at:

Microsoft. ‘Building Confidence in the Cloud: A Proposal for Industry and Government Action for Europe to Reap the Benefits of Cloud Computing’, Submission No 2 to European Commission, Data Protection: Legal Framework, January 2010. Available at:

National Foreign Trade Council. Promoting Cross-Border Data Flows: Priorities for the Business Community, 3 November 2011. Available at:

Ponemon Institute. 2013 Cost of Data Breach Study: Australia, May 2013. Available at:

Stone, Greg. Microsoft ‘Microsoft feedback on the draft Community Cloud Governance Better Practice Guide’, comment on Dept of Finance feedback page, 6 August 2012. Available at:

Verizon. 2013 Data Breach Investigations Report. April 2013. Available at:


This bibliography is part of a Data Sovereignty and the Cloud research project assisted by contributions by infrastructure provider NEXTDC, law firm Baker& McKenzie (Adrian Lawrence and Patrick Fair) and insurer AON (Kevin Kalinich), and the efforts of Cyberspace Law and Policy Community/Centre interns including Michael Altit, Tim Chiang, Boonie Chow, Aley Greenblo, Peter Key-Matuszak, Sasha Kolodkina, Justin Huang, Felix Liu, Tia Singh, and Mark Susanto.

Digital Object Identifier URL: 

Cite this article as: 

David Vaile. 2013. Data sovereignty and the Cloud – a structured bibliography. Australian Journal of Telecommunications and the Digital Economy, Vol 1, No 1, Article 15. Published by Telecommunications Association Inc. ABN 34 732 327 053.