The Cloud Accountability Project conducts innovative research to support the adoption of accountability in cloud eco-systems and Future Internet services. From a technical point of view, the project aims to specify a Reference Architecture for accountability across the cloud, taking into account that interoperability with existing frameworks, products, standards and approaches is maintained. It will also deliver an integrated accountability framework for security and trust, able to cope with the inherently dynamic nature of current and future technologies and business models. This will be assisted by the development of mappings between contracts/SLAs for accountability and evidence available through logging and user-centric accountability tools for privacy-friendly design and support on the negotiation of terms of services.
The Cloud Accountability Project tracks external legislative and regulatory constraints and developments to suggest revisions to current legal frameworks, including the EU Data Protection Framework, to the extend this is possible. The scope is to extend the data protection regulations to also cover the design of Future Internet services and cloud computing applications.
The Cloud Accountability Project contributes to the socio-economic aspect of accountability by delivering a globally appropriate schema of risks and liabilities and best practice risk allocation, an Accountability Tool for supporting evidence to certification schemes, models of risk and trust within the service provider ecosystem, including socioeconomic implications of risk, a model of economic governance and socio-economic impact assessment of accountability solutions.
The Ethical perspective of Accountability complements the mere compliance to regulations and goes beyond it by giving the cloud and Future Internet stakeholders the opportunity to ‘do the right thing’ in regards to respecting and protecting the personal information of customers, employees and partners, and encouraging corporate responsibility. Such an approach is in line with the definition of privacy as a human right and will ensure the questioning necessary in order to fill in a proactive way the inherent gap created by the different pace of technology and regulatory texts. The scope of the Cloud Accountability Project is to help organisations move away from a checkbox type mentality for compliance where the focus is on liability and on the law, and instead adopt a variety of techniques that not only meet data protection compliance needs but also satisfy the expectations of stakeholders and society and wider ethical principles (such as privacy and transparency).The mechanisms that will be provided in the project will provide go beyond compliance and will target to meet basic ethical criteria, such as checking whether a decision made is consistent with customers’ or employees’ expectations. The Cloud Accountability Project will encourage organisations to adopt such an ethical approach by not only providing the technical, legal and procedural mechanisms to allow this, but also by elucidating and disseminating the business case for so doing, facilitating the measurement of corporate accountability and ensuring that their solutions are socially acceptable and meet the needs of stakeholders (particularly via socio-economic impact assessments, elicitation of stakeholder requirements, analysis of design needs from a socioeconomic perspective, and guidelines for privacy-enhancing design of transparency and accountability tools).