Academic Centre of Excellence in Cyber Security

Clare Sullivan – Clouding the Issue: Digital Identity and the International Regulation of Cross Border Data in the era of Cloud Computing




Abstract: Widespread use of cloud computing and other off-shore hosting and processing arrangements make regulation of cross border data one of the most significant issues now facing regulators around the world.

Cloud computing has changed the nature of cross border data. Now data does not actually have to be stored or processed in another country or transferred across a national border in the traditional sense, to be what we consider cross border data. Nevertheless, the notion of physical borders and transfers still pervades thinking on this subject and this is evident in the new EC proposal for cross border data regulation.

The EC is proposing a new global standard for data transfer to ensure the protection for data transferred out of the EU is equivalent to that within the EU. This proposal is the first stage of what has become a widespread move to harmonise the major data protection regimes around the world, especially as they apply to cross border data.  This presentation examines the new EU proposal which regulates data transfer and contrasts it with the new Australian approach which regulates disclosure.

The relative merits of the EC and Australian approaches are examined in the context of digital identity, rather than just data privacy which is the usual focus, because of the growing significance of digital identity, especially to an individual’s ability to be recognized and to transact. The set of information required for transactions which invariably consists of full name, date of birth, gender and a piece of identifying information, has specific functions which transform it from mere information. As a set, it enables the system to transact. For this reason this transaction identity is the most important, and the most vulnerable part of digital identity. Yet while it is deserving of most protection, its significance has been largely under-appreciated.

In this presentation Dr Sullivan considers the major issues posed by cross border data regulation in the context of cloud computing, with a focus on transaction identity and the other personal information which make up an individual’s digital identity. Dr Sullivan argues that the growing commercial and legal importance of digital identity and its inherent vulnerabilities mandate the need for more effective protection which is provided by regulation of disclosure of data, not transfer.

 

Bio. Dr Clare Sullivan is a cyber-law lawyer and faculty at the School of Law at University of South Australia.

Her research examines whether the digital identity that people use for transactions is emerging as a new legal concept, its legal nature, and how digital identity can be legally protected. The research has implications for a number of legal areas particularly the emergent right to identity and its relationship to the right to privacy.

In 2011/12 Dr Sullivan was awarded a Fulbright scholarship to examine the legal implications of digital identity and cyber security under US and international law, which built on Dr Sullivan’s earlier comparative research in Australia and Europe.

Her book ‘Digital Identity: An Emergent Legal Concept’ is the first detailed legal study of digital identity and its implications for individuals, businesses and government. Dr Sullivan also co- authored the first report on trade-based money laundering for the Australian Institute of Criminology which was published in 2012. Dr Sullivan has authored a number of internationally published articles on digital identity and cyber security including the research she conducted in the UK, Europe and the US.

This year Dr Sullivan was awarded an Endeavour Scholarship by the Australian government to return to the US in June 2014 to conduct research on US/Australian cyber security at Georgetown University in Washington DC.