Cloud (service): Difference between revisions

Drakeula (talk | contribs)
Examples: AI examp
D-side (talk | contribs)
I indeed meant ToS but I guess I really wanted to link this to something
Line 34: Line 34:
A service provider requires some level of access to the data it processes. Unless access to the service is engineered on consumer's side to minimize such access (e. g. end-to-end encryption), all of the processed data is visible to the service provider<ref name=":0" />, where it can be leaked as a result of a cybersecurity incident or used for purposes to which consumers did not consent (such as included in machine learning datasets{{Citation needed}} or sold to advertising companies{{Citation needed}}).
A service provider requires some level of access to the data it processes. Unless access to the service is engineered on consumer's side to minimize such access (e. g. end-to-end encryption), all of the processed data is visible to the service provider<ref name=":0" />, where it can be leaked as a result of a cybersecurity incident or used for purposes to which consumers did not consent (such as included in machine learning datasets{{Citation needed}} or sold to advertising companies{{Citation needed}}).


Providers may offer some access controls for the data they possess and process, but most of the time they are also the ones enforcing them, which renders them ineffective for restricting providers' access due to a conflict of interest. There may be legally binding promises of effectiveness of these controls in the [[End-user license agreement|EULA]],{{Citation needed|reason=I would have thought ToS would be more typical for cloud services, rather than EULA (more usual for an item than a service)?  [Don't really need a citation, if EULA is what they usually use]}} but violations of policies established through these controls are difficult to detect and legal enforcement is generally difficult.
Providers may offer some access controls for the data they possess and process, but most of the time they are also the ones enforcing them, which renders them ineffective for restricting providers' access due to a conflict of interest. There may be legally binding promises of effectiveness of these controls in their terms of service, but violations of policies established through these controls are difficult to detect and legal enforcement is difficult in general.


===Less legal protection===
===Less legal protection===