Cloud Investigations by European Data Protection Authorities: An Empirical View

This chapter draws on qualitative interviews, documentary analysis and observation data to analyse how European data protection authorities ('EU DPAs') exercise one of their statutory enforcement powers, namely, investigations more frequently to determine the compliance of cloud providers with the relevant data protection laws. The empirical analysis presented in this chapter supports two arguments. Firstly, the investigations of cloud providers by EU DPAs ('Cloud Investigations') are complex regulatory processes that often involve different co-operative relationships between various actors, such as DPAs. In reality, manifold interactions and practices, such as facilitative instruments, are deployed to form and perform such collaborations which are vital in ensuring the consistent application and enforcement of common data protection principles in an increasingly globalised context. Secondly, Cloud Investigations are also dynamic as they can involve continually evolving regulatory enforcement styles and compliance attitudes. Cloud Providers can often resist the attempts of the EU DPAs to direct the investigative process in specific ways. How such resistance is resolved is very much context-dependent.