The Article 29 Working Party established under the EU data privacy legislation published an opinion on 1 July 2012 addressing the data privacy compliance concerns associated with the use of cloud computing solutions. The working party identifies the concerns as falling into two categories:
- lack of control;
- cloud clients lose control of the technical and organisational measures necessary to ensure the availability, integrity, confidentiality, transparency, isolation and portability of data;
- lack of information processing;
- insufficient information about a cloud services processing operations poses a risk to controllers as well as to data subjects because they might not be aware of potential threats and risks and therefore cannot take measures they deem appropriate.