This article surveys and evaluates the privacy law of web applications and cloud computing. Cloud services, and web applications in particular, are subject to many different privacy law requirements. While these requirements are often perceived as illfitting, they can be interpreted to provide a structurally sound and coherent privacy regime. The applicable body of law can be separated into two tiers: the primary privacy law and the secondary privacy law. The primary privacy law is created by the providers and users of cloud services through privacy contracts, especially, privacy policies. The secondary privacy law, contained, for example, in statutes and regulations, is for the most part only applicable where no valid privacy contracts exist. This supremacy of privacy contracts over statutory and other secondary privacy law enables individualized privacy protection levels and commercial use of privacy rights according to the contracting parties’ individual wishes.
The Information Privacy Law of Web Applications and Cloud Computing,
29 Santa Clara High Tech. L.J. 451
Available at: http://digitalcommons.law.scu.edu/chtlj/vol29/iss3/1