Hvem ejer dit data når det flyttes til skyen?Who owns your data when it is moved to the cloud?

Not down with the Danish language? no worries – Grap this link for an English version of this post .


Hvad enten man vil det eller ej, så er det et faktum at flere og flere af vores personlige oplysninger er at finde på nettet. Alt fra offentlige services til vores bankoplysninger, fra tøjbutikker til dating services – nettet er det sted, hvor borgerne interagerer og hvor virksomheder udøver deres håndværk. Desværre må vi erkende at sikkerhed og privatlivets fred er blevet tilgået for let. Love er indført, primært gennem det europæiske Data Protection Directive, der fastlægger rammerne for hvordan data om europæiske borgere skal behandles, men vores data bevæger sig ofte ud over den europæiske handels unions grænser, hvor disse bestemmelser ikke længere har nogen effekt. Et godt eksempel på dagligdags applikationer hvor vi mister kontrollen over vores personlige data er cloud storage applikationer som Dropbox, OneDrive og GoogleDrive. Disse applikationer har givet os muligheden for at tilgå vores data fra hvilket som helst sted med en internetforbindelse, på et vilkårligt tidspunkt gennem en stadig voksende mængde enheder. Men er du klar over hvad du opgiver for denne bekvemmelighed?

Lad os tage et lille kig ned i deres brugsvilkår.

For Google Drive er data ejerskab skrevet som:

…Some of our Services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. …

Section Your Content in our Services
From Google Terms of Service, In effect April 14, 2014.

Så ejerskabet bliver ikke taget fra dig – so far so good. Men vi skal ikke læse meget videre for at finde en sektion, der virker til at modsige dette.

… When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. …

Section Your Content in our Services
From Google Terms of Service, In effect April 14, 2014.

Godt så – Google tager altså ikke ejerskab over dataen, men forbeholder sig stadig retten til at gøre med den præcist hvad de vil. Formuleringer som afledte værker er enormt vage og rettighederne til at kommunikere, udgive, offentligt udføre, offentligt vise og distribuere, er nogen af de mest ekstreme jeg nogen sinde er stødt på. De skriver dog at rettighederne kun vil blive brugt med det formål at opretholde, promovere og forbedre deres services, samt til at udvikle nye. Men hvor meget er det lige at de begrænser sig her? Google laver jo efter hånden alt, lige fra online advertising til selvkørende biler – og når rettighederne tilmed inkluderer nye services, er begrænsningen et sted mellem minimal og ikke eksisterende. For os data-ejere kan det simpelthen ikke retfærdiggøres at give Google disse rettigheder, især ikke hvis vi snakker personligt data og for firmaer vil det direkte være i strid med loven – Det stopper dog ikke mange fra at gøre det.

Så hvad er mulighederne. I store træk har du tre; 1) sørg for at holde dit privat data væk fra de sårbare steder i skyen – en tilgang der kræver en del research, 2) Antag at dem du overlader dit data til aldrig kunne finde på at gøre noget uhensigtsmæssigt med det – den så kaldte struds-tilgang 3) eller du kan forsøge dig med at sikre dit data – et emne som jeg vil gennemgå i kommende blogindlæg.

Engelsk ikke lige din kop te? det klare vi nemt – Klik på dette link for at finde en dansk version .


There is no escaping the reality that more and more personal information have made the moved to the Web. Everything from the public services to our bank information, from the clothing stores to dating services – the Web is the place where citizens interact and where businesses ply their trade. Unfortunately with this move, has come the uncomfortable realisation that the security and privacy of these services are not keeping pace. Laws are in place, primarily through the European Data Protection Directive, which establishes a framework for how data on European citizens are to be handled, however, our data is often moved beyond the European Economic Area, which limits text extent these provisions are able to secure the data. A good example of everyday applications where we lose control of our personal data is cloud storage applications like Dropbox, OneDrive and Google Drive. These applications have allowed us to access our data from anywhere with an internet connection at any time through the multitude of devices. But are you aware of what you forfit for this convenience?

Looking into the ownership issue, it seems apparent Google does not claim ownership of the data which is uploaded to its services. This is formulated in Google Terms of

For Google Drive er data ejerskab skrevet som:

…Some of our Services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. …

Section Your Content in our Services
From Google Terms of Service, In effect April 14, 2014.

So far so good, but the very next sections seems inconsistent with this:

When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. …

Section Your Content in our Services
From Google Terms of Service, In effect April 14, 2014.

This means that while Google does not claim ownership of the files uploaded they retain the rights to do anything with the data in any purpose they deem it necessary for. Formulations such as creative derivative works seems extraordinarily vague and the rights to communicate, publish, publicly perform, publicly display and distribute such content are some of the most extensive you can come across. It does state that these rights are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones, but what does that really say. The formulation is again vague and rights to use user owned data to any Google service, present and future, is quite similar to all rights as Google is one of the largest and most wide spread corporations of our time. This is clearly an issue of a one-size-fits-all policy, which grants unreasonable amount of control over users data. The reasons for making such an policy seems fairly straightforward, as quite broad rights are needed to and could work as a top level policy, if more narrower and more specific policies existed for their individual products. From a data-controllers viewpoint, it is no way justifiable to grant Google these rights over personal data and as such this makes their Terms of Service incompatible with the Act.

So what are our options. Broadly speaking, we are left with three; 1) make sure we keep our private data away from the vulnerable places in the cloud – an approach that requires quite a bit of research, 2) Assume that the services we hand our data to would never think of doing anything inappropriate with it – the so-called ostrich approach 3) or you can try to ensure your data – a topic which I will discuss in future blog posts

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *