ENISA: As it relates to public cloud computing, in the European Data Protection law, the customer is considered to be the:
In the context of European Data Protection law, particularly as it relates to public cloud computing, the customer is generally considered to be the Data Controller. The Data Controller is the entity that determines the purposes and means of processing personal data. This role holds ultimate responsibility for ensuring that the data processing activities carried out comply with applicable laws, even when engaging a third party, such as a cloud service provider, that acts as the Data Processor.
ENISA, p. 46: Cloud computing poses several data protection risks for cloud customers and providers. It can be difficult for the cloud customer (in its role of data controller) to effectively check the data processing that the cloud provider carries out, and thus be sure that the data is handled in a lawful way. It has to be clear that the cloud customer will be the main person responsible for the processing of personal data, even when such processing is carried out by the cloud provider in its role of external processor. Failure to comply with data protection law may lead to administrative, civil and also criminal sanctions, which vary from country to country, for the data controller.