“The use of commercial cloud services by public organisations in Europe is growing. While the benefits of cloud computing are indisputable, the public sector contains certain particularly sensitive or vulnerable user populations whose privacy requires special protection. Critical examples include civil servants employed by local or national governments and – the subject of particular emphasis in this report – children in schools.
The most widely used cloud services today are typically free or very inexpensive offerings
designed as vehicles for online behavioural advertising aimed at individual consumers. SafeGov.org
is concerned that by repurposing such advertising-driven services for users within organisations, cloud providers may deliberately or inadvertently expose these data subjects to online advertising, profiling or other forms of personal information processing that violate their rights under EU data protection laws. The risk is particularly acute in the absence of constraints on the contractual relations between data processors and data controllers that ensure the rights to information and consent of the data subjects in these organisational contexts.”