Aspects of Accountability
Accountability can be formally defined as being the state of accepting allocated responsibilities, explaining and demonstrating compliance to stakeholders and remedying any failure to act properly. Responsibilities may be derived from law, social norms, agreements, organizational values and ethical obligations. Accountability is not an absolute; it is only meaningful in the context to which it is applied (i.e. what one is accountable for). Accountability is then associated with specific principles and actions corresponding to that context.
Accountability has been analysed in our project from four perspectives:
Legal Perspective: Accountability increasingly shows up as a legal requirement in several domains, most notably with regard to data protection. We have analysed external legislative and regulatory constraints and the development of accountability-relevant data protection legal frameworks, including the EU Data Protection Framework. To learn more, see the White paper on new Data Protection Framework, the Report on legal and regulatory dependencies for effective accountability and governance and the Rise of Compliance Audits report.
Ethical Perspective: Beyond mere compliance with regulations, accountability encourages stakeholders to ‘do the right thing’ with regard to respecting and protecting the personal information of customers, employees and partners, and encouraging corporate responsibility. Such an approach is in line with the definition of privacy as a human right and will ensure the questioning needed to proactively fill the inherent gap created by the different pace of technology and regulatory texts.
We aim to help organisations move away from a checkbox-type mentality for compliance where the focus is on liability and on the law, and instead adopt a variety of techniques that not only meet data protection compliance needs but also satisfy the expectations of stakeholders and society and wider ethical principles (such as privacy and transparency). We encourage organisations to adopt such an ethical approach by not only providing the technical, legal and procedural mechanisms to allow this, but also by elucidating and disseminating the business case for so doing, facilitating the measurement of corporate accountability and ensuring that our solutions are socially acceptable and meet the needs of stakeholders (particularly via socio-economic impact assessments, elicitation of stakeholder requirements, analysis of design needs from a socio-economic perspective, and guidelines for privacy-enhancing design of transparency and accountability tools). To learn more, see the White Paper section of the Report detailing the conceptual framework.
Socio-economic Perspective: Our socio-economic analysis of accountability focuses on the perceived need for accountability, cloud stakeholders’ behaviour and the requirements for governing accountability in cloud ecosystems. The analysis includes a study on how to build trust in cloud relationships, based upon assessment of stakeholders’ views of accountability as well as models of trust, risk, and the socio-economic implications of risk, within the service provider ecosystem. It also includes assessment of the economic value of accountability, including consideration of different economic governance models that steer good information stewardship and demonstration of how embedding accountability practices that go beyond minimal accountability requirements within one’s organisation actually improves the health and sustainability of the cloud ecosystem. In addition, both a definition and an application of socio-economic impact assessment of accountability solutions in cloud ecosystems are provided. The socio-economic impact assessment focuses on the acceptance of accountability in the cloud ecosystem and the further stimulation of accountability for data management in cloud ecosystems. For further details see the Final report on the Socio-economic context.
Technical Perspective: The Cloud Accountability Reference Architecture delivers an integrated accountability framework for security and trust, able to cope with the inherently dynamic nature of current and future technologies and business models. It takes into account interoperability with existing frameworks, products, standards and approaches. This is assisted by the development of mappings between contracts/SLAs for accountability and evidence available through logging and user-centric accountability tools for privacy-friendly design and support for the negotiation of terms of service. Navigate further to the Cloud Accountability Reference Architecture and the A4Cloud Toolkit.