Charter of Fundamental Rights of the European Union [2012] OJ C 326, 391Google Scholar

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281, 31Google Scholar

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market [2000] OJ L 178, 1Google Scholar

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [2002] OJ L 201, 37Google Scholar

Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council Text with EEA relevance [2011] OJ L 304, 64Google Scholar

Directive 2014/25/EU of the European Parliament and of the Council of 26 February 2014 on procurement by entities operating in the water, energy, transport and postal services sectors and repealing Directive 2004/17/EC Text with EEA relevance [2014] OJ L 94, 243Google Scholar

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union [2016] OJ L 194, 1Google Scholar

Regulation (EC) No 864/2007 of the European Parliament and of the Council of 11 July 2007 on the law applicable to non-contractual obligations (Rome II) [2007] OJ L 199, 40Google Scholar

Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I) [2008] OJ L 177, 6Google Scholar

Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (recast) [2012] OJ L 351, 1Google Scholar

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) [2016] OJ L 119, 1Google Scholar

Commission Decision 2000/520/EC on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce [2000] OJ L215/7Google Scholar

Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC (2001/497/EC) [4 July 2001] OJ L181/19Google Scholar

Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (2002/16/EC) [10 January 2002] OJ L6/52Google Scholar

Commission Decision of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries (2004/915/EC) [29 December 2004] OJ L385/74Google Scholar

Commission Implementing Regulation (EU) 2015/806 of 22 May 2015 laying down specifications relating to the form of the EU trust mark for qualified trust services (Text with EEA relevance) C/2015/3364Google Scholar

Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield (notified under document C (2016) 4176) (Text with EEA relevance) C/2016/4176Google Scholar

Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention 108)Google Scholar

European Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, as Amended) (ECHR) (1950)Google Scholar

Administrative Procedure Act, Pub. L. No. 79–404, 60 Stat. 237 (codified as amended at 5 U.S.C. §§ 551–706)Google Scholar

Bank Secrecy Act, Pub. L. 91–508, Titles I, II, 84 Stat. 1114 to 1124 (1970) (as codified at 12 U.S.C.A. § 1951–59)Google Scholar

Children’s Online Privacy Protection 15 U.S.C. §§ 6501–06, Pub. L. 105–277Google Scholar

Clarifying Lawful Overseas Use of Data Act (CLOUD Act) part of the Consolidated Appropriations Act, 2018, Pub. L. 115–141.Google Scholar

Computer Fraud and Abuse Act, Pub. L. 99–474, 18 U.S.C. § 1030Google Scholar

Electronic Communications Privacy Act of 1986, Pub. L. 99–508, § 201, 100 Stat. 1848, 1860–68 (codified as amended at 18 U.S.C. §§ 2701–12)Google Scholar

Fair Credit Reporting Act of 1970, 15 U.S.C. § 1681Google Scholar

Family Education Rights and Privacy Act of 1974, Pub. L. 93–380, 88 Stat. 484 (1974) (codified as amended at 20 USC § 1232)Google Scholar

Federal Information Security Management Act of 2002, 44 U.S.C. § 3541Google Scholar

Federal Trade Commission Act, 15 U.S.C.A. § 45(a)Google Scholar

Freedom of Information Act, 5 U.S.C. § 552, As Amended by Public Law No. 104–231, 110 Stat. 3048Google Scholar

Genetic Information Nondiscrimination Act of 2008, Pub. L. 110–233, 122 Stat. 881 (2008) (codified at 42 U.S.C.A. §§ 2000ff et. seq.)Google Scholar

Gramm–Leach–Bliley Financial Modernization Act, Pub. L. 106–102, 113 Stat. 1338 (codified at 15 U.S.C. §§ 6801–09)Google Scholar

Right to Financial Privacy Act of 1978, Pub. L. 95–630, 92 Stat. 3697 (1978) (codified as amended at 12 U.S.C. §§ 3401–22)Google Scholar

Stored Communications Act, Codified at 18 U.S.C. Chapter 121 §§ 2701–12Google Scholar

United States Constitution, Amendment IVGoogle Scholar

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. 107–156, 115 Stat. 272Google Scholar

US Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. § 17932 (2012)Google Scholar

US Health Insurance Portability and Accountability Act of 1996, Pub. L. 104–191, 110 Stat. 1936Google Scholar

Video Privacy Protection Act, Pub L. 100–618, 102 Stat. 3195 (1988) (codified at 18 U.S.C. § 2710) (2012)Google Scholar

Charter of Fundamental Rights of the European Union [2012] OJ C 326, 391Google Scholar

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281, 31Google Scholar

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market [2000] OJ L 178, 1Google Scholar

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [2002] OJ L 201, 37Google Scholar

Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council Text with EEA relevance [2011] OJ L 304, 64Google Scholar

Directive 2014/25/EU of the European Parliament and of the Council of 26 February 2014 on procurement by entities operating in the water, energy, transport and postal services sectors and repealing Directive 2004/17/EC Text with EEA relevance [2014] OJ L 94, 243Google Scholar

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union [2016] OJ L 194, 1Google Scholar

Regulation (EC) No 864/2007 of the European Parliament and of the Council of 11 July 2007 on the law applicable to non-contractual obligations (Rome II) [2007] OJ L 199, 40Google Scholar

Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I) [2008] OJ L 177, 6Google Scholar

Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (recast) [2012] OJ L 351, 1Google Scholar

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) [2016] OJ L 119, 1Google Scholar

Commission Decision 2000/520/EC on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce [2000] OJ L215/7Google Scholar

Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC (2001/497/EC) [4 July 2001] OJ L181/19Google Scholar

Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (2002/16/EC) [10 January 2002] OJ L6/52Google Scholar

Commission Decision of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries (2004/915/EC) [29 December 2004] OJ L385/74Google Scholar

Commission Implementing Regulation (EU) 2015/806 of 22 May 2015 laying down specifications relating to the form of the EU trust mark for qualified trust services (Text with EEA relevance) C/2015/3364Google Scholar

Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield (notified under document C (2016) 4176) (Text with EEA relevance) C/2016/4176Google Scholar

Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention 108)Google Scholar

European Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, as Amended) (ECHR) (1950)Google Scholar

Administrative Procedure Act, Pub. L. No. 79–404, 60 Stat. 237 (codified as amended at 5 U.S.C. §§ 551–706)Google Scholar

Bank Secrecy Act, Pub. L. 91–508, Titles I, II, 84 Stat. 1114 to 1124 (1970) (as codified at 12 U.S.C.A. § 1951–59)Google Scholar

Children’s Online Privacy Protection 15 U.S.C. §§ 6501–06, Pub. L. 105–277Google Scholar

Clarifying Lawful Overseas Use of Data Act (CLOUD Act) part of the Consolidated Appropriations Act, 2018, Pub. L. 115–141.Google Scholar

Computer Fraud and Abuse Act, Pub. L. 99–474, 18 U.S.C. § 1030Google Scholar

Electronic Communications Privacy Act of 1986, Pub. L. 99–508, § 201, 100 Stat. 1848, 1860–68 (codified as amended at 18 U.S.C. §§ 2701–12)Google Scholar

Fair Credit Reporting Act of 1970, 15 U.S.C. § 1681Google Scholar

Family Education Rights and Privacy Act of 1974, Pub. L. 93–380, 88 Stat. 484 (1974) (codified as amended at 20 USC § 1232)Google Scholar

Federal Information Security Management Act of 2002, 44 U.S.C. § 3541Google Scholar

Federal Trade Commission Act, 15 U.S.C.A. § 45(a)Google Scholar

Freedom of Information Act, 5 U.S.C. § 552, As Amended by Public Law No. 104–231, 110 Stat. 3048Google Scholar

Genetic Information Nondiscrimination Act of 2008, Pub. L. 110–233, 122 Stat. 881 (2008) (codified at 42 U.S.C.A. §§ 2000ff et. seq.)Google Scholar

Gramm–Leach–Bliley Financial Modernization Act, Pub. L. 106–102, 113 Stat. 1338 (codified at 15 U.S.C. §§ 6801–09)Google Scholar

Right to Financial Privacy Act of 1978, Pub. L. 95–630, 92 Stat. 3697 (1978) (codified as amended at 12 U.S.C. §§ 3401–22)Google Scholar

Stored Communications Act, Codified at 18 U.S.C. Chapter 121 §§ 2701–12Google Scholar

United States Constitution, Amendment IVGoogle Scholar

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. 107–156, 115 Stat. 272Google Scholar

US Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. § 17932 (2012)Google Scholar

US Health Insurance Portability and Accountability Act of 1996, Pub. L. 104–191, 110 Stat. 1936Google Scholar

Video Privacy Protection Act, Pub L. 100–618, 102 Stat. 3195 (1988) (codified at 18 U.S.C. § 2710) (2012)Google Scholar

Big Brother Watch and Others v. the United Kingdom (applications nos. 58170/13, 62322/14, and 24960/15) [2018] ECHRGoogle Scholar

Bodil Lindqvist (C-101/01) [2003] CJEUGoogle Scholar

Breyer v. Germany (C-582/14) [2016] CJEUGoogle Scholar

Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems [2017] IEHC 545Google Scholar

Digital Rights Ireland v. Ireland and Kärntner Landesregierung, Tschohl, Seitlinger and Others (C-293/12 and C-594/12) [2014] CJEUGoogle Scholar

Falk Pharma GmbH v. DAK-Gesundheit (C-410/14) [2016] CJEUGoogle Scholar

Google LLC v. Commission Nationale de l’Informatique et des Libertés (CNIL) (C-507/17) [2019] CJEUGoogle Scholar

Google Spain SL, Google Inc. v. Agencia Espannola de Proteccion de Datos (AEPD), Mario Costeja Gonzalez (C-131/12) [2014] CJEUGoogle Scholar

Heinz Huber v. Federal Republic of Germany (C-524/06) [2008] CJEUGoogle Scholar

Maximillian Schrems v. Data Protection Commissioner (C362/14) [2015] CJEUGoogle Scholar

Peter Nowak v. Data Protection Commissioner (C-434/16) [2017] CJEUGoogle Scholar

Peter Pammer v. Reederei Karl Schlüter GmbH & Co. KG (C-585/08) and Hotel Alpenhof GesmbH v. Oliver Heller (C-144/09) [2010] CJEUGoogle Scholar

Tirkkonen v. Maaseutuvirasto (C-9/17) [2018] CJEUGoogle Scholar

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v. Wirtschaftsakademie Schleswig-Holstein GmbH (C-210/16) [2018] CJEUGoogle Scholar

UsedSoft GmbH v. Oracle International Corp (C-128/11) [2012] CJEUGoogle Scholar

Weltimmo s.r.o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság (C-230/14) [2015] CJEUGoogle Scholar

AstraZeneca v. International Business Machines Corporation [2011] EWHC 306 (TCC)Google Scholar

Cavendish Square Holding BV v. Talal El Makdessi [2015] UKSC 67 [2015] 3 WLR 1373Google Scholar

GB Gas Holdings Limited v. Accenture (UK) Limited and others [2010] EWCA (Civ) 912Google Scholar

Hadley v. Baxendale [1854] 9 Ex 341, 156 Eng Rep 145 (Court of Exchequer)Google Scholar

Nash and others v. Paragon Finance Plc [2001] EWCA (Civ) 1466Google Scholar

St Albans City and DC v. International Computers Ltd [1996] 4 All ER 481Google Scholar

Amazon Web Services, Incorporated v. United States, 113 Fed. Cl. 102 (2014)Google Scholar

American Broadcasting Co., Inc. v. Aereo, Inc., 134 Supreme Court 2498 (2014)Google Scholar

Applied Data Processing, Inc. v. Burroughs Corp., 394 F. Supp. 504 (D. Conn. 1975)Google Scholar

Carpenter v. United States, 138 U.S. 2206 (2018)Google Scholar

Couch v. United States, 409 U.S. 322 (1973)Google Scholar

EEOC v. United Parcel Serv., Inc., 587 F 3d 136, 139–140 (2d Cir 2009)Google Scholar

Ellis v. Cartoon Network, Inc., 803 F. 3d 1251 (11th. Cir. 2015)Google Scholar

FTC v. Wyndham Worldwide Corp., 799 F. 3d 236 (3d Cir. 2015)Google Scholar

Griswold v. Connecticut, 381 U.S. 479 (1965)Google Scholar

Katz v. United States, 389 U.S. 347 (1967)Google Scholar

LabMD, Inc. v. FTC, 894 F. 3d 1221 (2018)Google Scholar

Microsoft Corporation v. United States 829 F.3d 197 (2d Cir. 2016)Google Scholar

Microsoft Corp. v. United States, 855 F.3d 53 (2d Cir. 2017)Google Scholar

Re Warrant to Search a Certain Email Account Controlled & Maintained by Microsoft Corp., 15 F. Supp. 3d 446 (2014)Google Scholar

Re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., 829 F. 3d 197, 204 (CA2 2016)Google Scholar

Re Search Warrant to Google, 232 F. Supp 3d 708 (2017)Google Scholar

Riley v. California, 134 U.S. 2473 (2014)Google Scholar

Smith v. Maryland, 442 U.S. 735 (1979)Google Scholar

State of Indiana v. IBM, 51 NE. 3d 150 (2015)Google Scholar

United States, Petitioner v. Microsoft Corporation on Writ of Certiorari to the United States Court of Appeals for the Second Circuit, 584 U.S. ____ (2018)Google Scholar

United States v. Miller, 425 U.S. 435 (1976)Google Scholar

US v. Jones, 565 U.S. 400 (2012)Google Scholar

Warshak v. United States, 490 F. 3d 455 (6th Cir. 2007)Google Scholar

Wartsila NSD North America, Inc. v. Hill Intern, Inc., 436 F. Supp. 2d 690 (2006)Google Scholar

SS Lotus (France v. Turkey) 1927 PCIJ (ser. A) No 10 (7 September 1927)Google Scholar

Krishnamurthy, V. and Kortzus, M., ‘Brief Amicus Curiae of UN Special Rapporteur on the Right to Privacy Joseph Cannataci in Support of Neither Party’ in US v. Microsoft Corporation (2017)Google Scholar

Vandenberg, J., ‘Brief for 51 Computer Scientists as Amici Curiae in Support of the Respondent’ in Amici Curie Brief Filed in Microsoft Warrant Case (2017)Google Scholar

Thon, B. and Alhaug, G., ‘Varsel om vedtak – overtredelsesgebyr – Akershus universitetssykehus HF’ [Notification of Decision and Fine – Akershus University Hospital] (Datatilsynet [Norwegian DPA]) (2017) www.datatilsynet.no/globalassets/global/regelverk/avgjorelser-datatilsynet/2017/16-01531-53-varsel-om-vedtak--overtredelsesgebyr--akershus-universitetssykehus-hf--222955_3_1.pdfGoogle Scholar

Big Brother Watch and Others v. the United Kingdom (applications nos. 58170/13, 62322/14, and 24960/15) [2018] ECHRGoogle Scholar

Bodil Lindqvist (C-101/01) [2003] CJEUGoogle Scholar

Breyer v. Germany (C-582/14) [2016] CJEUGoogle Scholar

Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems [2017] IEHC 545Google Scholar

Digital Rights Ireland v. Ireland and Kärntner Landesregierung, Tschohl, Seitlinger and Others (C-293/12 and C-594/12) [2014] CJEUGoogle Scholar

Falk Pharma GmbH v. DAK-Gesundheit (C-410/14) [2016] CJEUGoogle Scholar

Google LLC v. Commission Nationale de l’Informatique et des Libertés (CNIL) (C-507/17) [2019] CJEUGoogle Scholar

Google Spain SL, Google Inc. v. Agencia Espannola de Proteccion de Datos (AEPD), Mario Costeja Gonzalez (C-131/12) [2014] CJEUGoogle Scholar

Heinz Huber v. Federal Republic of Germany (C-524/06) [2008] CJEUGoogle Scholar

Maximillian Schrems v. Data Protection Commissioner (C362/14) [2015] CJEUGoogle Scholar

Peter Nowak v. Data Protection Commissioner (C-434/16) [2017] CJEUGoogle Scholar

Peter Pammer v. Reederei Karl Schlüter GmbH & Co. KG (C-585/08) and Hotel Alpenhof GesmbH v. Oliver Heller (C-144/09) [2010] CJEUGoogle Scholar

Tirkkonen v. Maaseutuvirasto (C-9/17) [2018] CJEUGoogle Scholar

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v. Wirtschaftsakademie Schleswig-Holstein GmbH (C-210/16) [2018] CJEUGoogle Scholar

UsedSoft GmbH v. Oracle International Corp (C-128/11) [2012] CJEUGoogle Scholar

Weltimmo s.r.o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság (C-230/14) [2015] CJEUGoogle Scholar

AstraZeneca v. International Business Machines Corporation [2011] EWHC 306 (TCC)Google Scholar

Cavendish Square Holding BV v. Talal El Makdessi [2015] UKSC 67 [2015] 3 WLR 1373Google Scholar

GB Gas Holdings Limited v. Accenture (UK) Limited and others [2010] EWCA (Civ) 912Google Scholar

Hadley v. Baxendale [1854] 9 Ex 341, 156 Eng Rep 145 (Court of Exchequer)Google Scholar

Nash and others v. Paragon Finance Plc [2001] EWCA (Civ) 1466Google Scholar

St Albans City and DC v. International Computers Ltd [1996] 4 All ER 481Google Scholar

Amazon Web Services, Incorporated v. United States, 113 Fed. Cl. 102 (2014)Google Scholar

American Broadcasting Co., Inc. v. Aereo, Inc., 134 Supreme Court 2498 (2014)Google Scholar

Applied Data Processing, Inc. v. Burroughs Corp., 394 F. Supp. 504 (D. Conn. 1975)Google Scholar

Carpenter v. United States, 138 U.S. 2206 (2018)Google Scholar

Couch v. United States, 409 U.S. 322 (1973)Google Scholar

EEOC v. United Parcel Serv., Inc., 587 F 3d 136, 139–140 (2d Cir 2009)Google Scholar

Ellis v. Cartoon Network, Inc., 803 F. 3d 1251 (11th. Cir. 2015)Google Scholar

FTC v. Wyndham Worldwide Corp., 799 F. 3d 236 (3d Cir. 2015)Google Scholar

Griswold v. Connecticut, 381 U.S. 479 (1965)Google Scholar

Katz v. United States, 389 U.S. 347 (1967)Google Scholar

LabMD, Inc. v. FTC, 894 F. 3d 1221 (2018)Google Scholar

Microsoft Corporation v. United States 829 F.3d 197 (2d Cir. 2016)Google Scholar

Microsoft Corp. v. United States, 855 F.3d 53 (2d Cir. 2017)Google Scholar

Re Warrant to Search a Certain Email Account Controlled & Maintained by Microsoft Corp., 15 F. Supp. 3d 446 (2014)Google Scholar

Re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., 829 F. 3d 197, 204 (CA2 2016)Google Scholar

Re Search Warrant to Google, 232 F. Supp 3d 708 (2017)Google Scholar

Riley v. California, 134 U.S. 2473 (2014)Google Scholar

Smith v. Maryland, 442 U.S. 735 (1979)Google Scholar

State of Indiana v. IBM, 51 NE. 3d 150 (2015)Google Scholar

United States, Petitioner v. Microsoft Corporation on Writ of Certiorari to the United States Court of Appeals for the Second Circuit, 584 U.S. ____ (2018)Google Scholar

United States v. Miller, 425 U.S. 435 (1976)Google Scholar

US v. Jones, 565 U.S. 400 (2012)Google Scholar

Warshak v. United States, 490 F. 3d 455 (6th Cir. 2007)Google Scholar

Wartsila NSD North America, Inc. v. Hill Intern, Inc., 436 F. Supp. 2d 690 (2006)Google Scholar

SS Lotus (France v. Turkey) 1927 PCIJ (ser. A) No 10 (7 September 1927)Google Scholar

Krishnamurthy, V. and Kortzus, M., ‘Brief Amicus Curiae of UN Special Rapporteur on the Right to Privacy Joseph Cannataci in Support of Neither Party’ in US v. Microsoft Corporation (2017)Google Scholar

Vandenberg, J., ‘Brief for 51 Computer Scientists as Amici Curiae in Support of the Respondent’ in Amici Curie Brief Filed in Microsoft Warrant Case (2017)Google Scholar

Thon, B. and Alhaug, G., ‘Varsel om vedtak – overtredelsesgebyr – Akershus universitetssykehus HF’ [Notification of Decision and Fine – Akershus University Hospital] (Datatilsynet [Norwegian DPA]) (2017) www.datatilsynet.no/globalassets/global/regelverk/avgjorelser-datatilsynet/2017/16-01531-53-varsel-om-vedtak--overtredelsesgebyr--akershus-universitetssykehus-hf--222955_3_1.pdfGoogle Scholar

Thon, B. and Alhaug, G., ‘Varsel om vedtak – overtredelsesgebyr – Akershus universitetssykehus HF’ [Notification of Decision and Fine – Akershus University Hospital] (Datatilsynet [Norwegian DPA]) (2017) www.datatilsynet.no/globalassets/global/regelverk/avgjorelser-datatilsynet/2017/16-01531-53-varsel-om-vedtak--overtredelsesgebyr--akershus-universitetssykehus-hf--222955_3_1.pdfGoogle Scholar

Bar, C. and others, ‘Principles, Definitions and Model Rules of European Private Law: Draft Common Frame of Reference (DCFR): Vol. 1’ (Full ed., Sellier 2009) sec. IIGoogle Scholar

Costello, M., ‘Data Security Generally’ 1 Data Security & Privacy Law Westlaw (2017) sec. 3: 2Google Scholar

Restatement (Fourth) of Foreign Relations Law, ‘Jurisdiction Based on Effects’ (2016) sec. 213Google Scholar

Restatement (Second) of Contracts, ‘Contract Defined’ (1981) sec. 1Google Scholar

Restatement (Second) of Contracts, ‘Intended and Incidental Beneficiaries’ (1981) sec. 302Google Scholar

Restatement (Third) of Foreign Relations Law, ‘Bases of Jurisdiction to Prescribe’ (1987) sec. 402Google Scholar

Uniform Commercial Code (UCC), ‘Article 2 – Implied Warranty of Merchantability’ (2002) sec. 2-314-315Google Scholar

Uniform Commercial Code (UCC), ‘Article 2 – Sales: Breach, Repudiation and Excuse’ (2002) sec. 2-615Google Scholar

CNIL, ‘Security of Personal Data’ Report/Guidance (2018) www.cnil.fr/sites/default/files/atoms/files/cnil_guide_securite_personnelle_gb_web.pdfGoogle Scholar

Datatilsynet [Norwegian Data Protection Authority], ‘Reply - Use of Microsoft Office 365 Cloud Computing Services - Municipality of Moss’ Vol 11/01198-4/LON (2012)Google Scholar

Datatilsynet [Norwegian Data Protection Authority], ‘Saken avsluttes - Ny e-postløsning i Narvik Kommune-Google Apps’ [‘Case Closed- New Email solution for Narvik Municipality – Google Apps’] Vol. 11/00593-18 RTH (2012)Google Scholar

European Data Protection Board, ‘Endorsement 1/2018’ (25 May 2018) https://edpb.europa.eu/sites/edpb/files/files/news/endorsement_of_wp29_documents_en_0.pdfGoogle Scholar

European Data Protection Board, ‘European Data Protection Board Rules of Procedure’ (25 May 2018) https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_rop_adopted_en.pdfGoogle Scholar

European Data Protection Board, ‘Statement of the EDPB on the Revision of the ePrivacy Regulation and its Impact on the Protection of Individuals with Regard to the Privacy and Confidentiality of their Communications’ (25 May 2018) https://edpb.europa.eu/our-work-tools/our-documents/other/edpb-statement-eprivacy-25052018_enGoogle Scholar

European Data Protection Board, ‘Guidelines 4/2019 on Article 25 Data Protection by Design and by Default’ Version 2.0 (20 October 2020) https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-42019-article-25-data-protection-design-and_enGoogle Scholar

European Data Protection Board, ‘Frequently Asked Questions on the Judgment of the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems 24/ 07/2020’ (23 July 2020) https://edpb.europa.eu/our-work-tools/our-documents/ohrajn/frequently-asked-questions-judgment-court-justice-european-union_enGoogle Scholar

European Data Protection Board, ‘Recommendations 01/2020 on Measures that Supplement Transfer Tools to Ensure Compliance with the EU Level of Protection of Personal Data - Version for Public Consultation’ (11 November 2020) https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_enGoogle Scholar

European Data Protection Board, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)- Version for public consultation’ (16 November 2018) https://edpb.europa.eu/our-work-tools/public-consultations/2018/guidelines-32018-territorial-scope-gdpr-article-3_enGoogle Scholar

European Data Protection Supervisor, ‘Guidelines on the Use of Cloud Computing Services by the European Institutions and Bodies’ (16 March 2018) https://edps.europa.eu/data-protection/our-work/publications/guidelines/guidelines-use-cloud-computing-services-european_enGoogle Scholar

European Data Protection Supervisor, ‘Opinion 5/2018 Preliminary Opinion on Privacy by Design’ (2018) https://edps.europa.eu/data-protection/our-work/publications/opinions/privacy-design_enGoogle Scholar

European Data Protection Supervisor, ‘The Transfer of Personal Data to Third Countries and International Organisations by EU Institutions and Bodies’ (2014) https://edps.europa.eu/sites/edp/files/publication/14-07-14_transfer_third_countries_en.pdfGoogle Scholar

Federal Trade Commission, ‘ASUS Settles FTC Charges That Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy at Risk’ Press Release (23 February 2016) www.ftc.gov/news-events/press-releases/2015/12/lifelock-pay-100-million-consumers-settle-ftc-charges-it-violatedGoogle Scholar

Federal Trade Commission, ‘Facebook Settles FTC Charges That It Deceived Consumers by Failing to Keep Privacy Promises’ Press Release (17 December 2015) www.ftc.gov/news-events/press-releases/2015/12/lifelock-pay-100-million-consumers-settle-ftc-charges-it-violatedGoogle Scholar

Federal Trade Commission and ASUSTeK Computer, Inc., ‘Agreement Containing Consent Order File No. 1423156’ (2016) www.ftc.gov/system/files/documents/cases/160222asusagree.pdfGoogle Scholar

Information Commissioner Elizabeth Denham, ‘Investigation into the Use of Data Analytics in Political Campaigns’ United Kingdom Information Commissioner (ICO) Report (11 July 2018) https://ico.org.uk/media/action-weve-taken/2259371/investigation-into-data-analytics-for-political-purposes-update.pdfGoogle Scholar

Information Commissioner’s Office, ‘Guidance on the Use of Cloud Computing 2012100 2 Version: 1.1’ (2012) https://ico.org.uk/media/fororganisations/documents/1540/cloud_computing_guidance_for_organisations.pdfGoogle Scholar

WP29, ‘Guidelines on Consent under Regulation 2016/679’ 259 rev. 01 (2018)Google Scholar

WP29, ‘Guidelines on Consent under Regulation 2016/679’ 259 (2017)Google Scholar

WP29, ‘Guidelines on Data Protection Impact Assessment (DPIA) and Determining whether Processing Is “Likely to Result in a High Risk” for the Purposes of Regulation 2016/679’ 248 rev. 01 (2017)Google Scholar

WP29, ‘Guidelines on Data Protection Officers’ 243 rev. 01 (2017)Google Scholar

WP29, ‘Guidelines on Personal Data Breach Notification under Regulation 2016/679’ wp250 rev.01 (2017)Google Scholar

WP29, ‘Guidelines on the Application and Setting of Administrative Fines for the Purpose of the Regulation 2016/679’ 253 (2017)Google Scholar

WP29, ‘Guidelines on the Right to Data Portability’ 242 rev. 01 (2017)Google Scholar

WP29, ‘Guidelines on Transparency under Regulation 2016/679’ 260 (2016)Google Scholar

WP29, ‘Letter of Ms Falque-Pierrotin (ART29 WP) to CISPE’ (2018)Google Scholar

WP29, ‘Opinion 01/2016 on the EU – U.S. Privacy Shield Draft Adequacy Decision’ 238 (2016)Google Scholar

WP29, ‘Opinion 1/2010 on the Concepts of “Controller” and “Processor”’ 169 (2010)Google Scholar

WP29, ‘Opinion 2/2017 on Data Processing at Work’ 249 (2017)Google Scholar

WP29, ‘Opinion 03/2013 on Purpose Limitation’ 203 (2013)Google Scholar

WP29, ‘Opinion 3/2010 on the Principle of Accountability’ 173 (2010)Google Scholar

WP29, ‘Opinion 4/2007 on the Concept of Personal Data’ 136 (2007)Google Scholar

WP29, ‘Opinion 05/2012 on Cloud Computing’ 196 (2012)Google Scholar

WP29, ‘Opinion 05/2014 on Anonymisation Techniques’ 216 (2014)Google Scholar

WP29, ‘Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC’ 217 (2014)Google Scholar

WP29, ‘Opinion 15/2011 on the Definition of Consent’ 187 (2011)Google Scholar

Alassafi, M. and others, ‘Security in Organisations: Governance, Risks and Vulnerabilities in Moving to the Cloud’ in Chang, V. and others (eds.), Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 – December 3, 2015, Revised Selected Papers (Cham: Springer International 2017)Google Scholar

Albano, G. and Nicholas, C., ‘The Design of Framework Agreements’ in Nicholas, C. and Albano, G. L. (eds.), The Law and Economics of Framework Agreements: Designing Flexible Solutions for Public Procurement (Cambridge: Cambridge University Press 2016)Google Scholar

Alhamad, M., Dillon, T., and Chang, E., ‘Conceptual SLA Framework for Cloud Computing’ (Digital Ecosystems and Technologies [DEST] 4th IEEE International Conference, 2010)Google Scholar

Andrecka, M., ‘Sustainable Public Procurement under Framework Agreements’ in Sjåfjell, B. and Wiesbrock, A. (eds.), Sustainable Public Procurement Under EU Law: New Perspectives on the State as Stakeholder (Cambridge: Cambridge University Press 2015)Google Scholar

Aplin, T. and others (eds.), Gurry on Breach of Confidence: The Protection of Confidential Information (Oxford: Oxford University Press 2012)Google Scholar

Bamberger, K. and Mulligan, D. K., Privacy on the Ground: Driving Corporate Behavior in the United States and Europe (Cambridge, MA: MIT Press 2015)Google Scholar

Beatson, J., Burrows, A., and Cartwright, J. (eds.), Anson’s Law of Contract (30th ed., Oxford: Oxford University Press 2016)Google Scholar

Bentzen, H. and Svantesson, D. J. B., ‘Jurisdictional Challenges Related to DNA Data Processing in Transnational Clouds’ in Svantesson, D. J. B. and Kloza, D. (eds.), Trans-Atlantic Data Privacy Relations as a Challenge for Democracy (Cambridge: Intersentia 2017)Google Scholar

Bix, B., ‘History and Sources’ in Bix, B. H. (ed.), Contract Law: Rules, Theory, and Context (Cambridge: Cambridge University Press 2012)Google Scholar

Bock, K., ‘Data Protection Certification: Decorative or Effective Instrument? Audit and Seals as a Way to Enforce Privacy’ in Wright, D. and Hert, P. De (eds.), Enforcing Privacy: Regulatory, Legal and Technological Approaches (Cham: Springer International 2016)Google Scholar

Bovis, C., ‘The Principles of Public Procurement Regulation’ in Bovis, C. H. (ed.), Research Handbook on EU Public Procurement Law (Cheltenham: Edward Elgar 2016)Google Scholar

Bradshaw, S., Millard, C., and Walden, I., ‘Standard Contracts for Cloud Services’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Bygrave, L., ‘Contract vs. Statute in Internet Governance’ in Brown, I. (ed.), Research Handbook on Governance of the Internet (Cheltenham: Edward Elgar 2013)Google Scholar

Bygrave, L., Data Privacy Law: An International Perspective (Oxford: Oxford University Press 2014)Google Scholar

Bygrave, L., Data Protection Law: Approaching its Rationale, Logic, and Limits (London: Kluwer Law International 2002)Google Scholar

Bygrave, L., ‘Hardwiring Privacy’ in Brownsword, R., Scotford, E., and Yeung, K. (eds.), The Oxford Handbook of Law, Regulation and Technology (Oxford: Oxford University Press 2017)Google Scholar

Bygrave, L., Internet Governance by Contract (Oxford: Oxford University Press 2015)Google Scholar

Bygrave, L. and Michaelsen, T., ‘Governors of Internet’ in Bygrave, L. and Bing, J. (eds.), Internet Governance: Infrastructure and Institutions (Oxford: Oxford University Press 2009)Google Scholar

Bygrave, L. and others, ‘The Naming Game: Governance of the Domain Name System’ in Bygrave, L. and Bing, J. (eds.), Internet Governance: Infrastructure and Institutions (Oxford: Oxford University Press 2009)Google Scholar

Caimi, C. and others, ‘Implementing Privacy Policies in the Cloud’ in Cleary, F. and Felici, M. (eds.), Cyber Security and Privacy: 4th Cyber Security and Privacy Innovation Forum, CSP Innovation Forum 2015, Brussels, Belgium April 28–29, 2015, Revised Selected Papers (Cham: Springer International 2015)Google Scholar

Caimi, C. and others, ‘Legal and Technical Perspectives in Data Sharing Agreements Definition’ in Berendt, B. and others (eds.), Privacy Technologies and Policy: Third Annual Privacy Forum, APF 2015, Luxembourg, October 7–8, 2015, Revised Selected Papers (Cham: Springer 2016)Google Scholar

Canavan, R., ‘Public Procurement and Frameworks’ in Bovis, C. H. (ed.), Research Handbook on EU Public Procurement Law (Cheltenham: Edward Elgar 2016)Google Scholar

Canuel, E., ‘Comparing Exculpatory Clauses under Anglo-American Law: Testing Total Legal Convergence’ in Cordero-Moss, G. (ed.), Boilerplate Clauses, International Commercial Contracts and the Applicable Law (Cambridge: Cambridge University Press 2011)Google Scholar

Charles, C., ‘Public Procurement and Contracting Authorities’ in Bovis, C. (ed.), Research Handbook on EU Public Procurement Law (Cheltenham: Edward Elgar 2016)Google Scholar

Chesterman, S., ‘Intelligence Services’ in Chesterman, S. and Fisher, A. (eds.), Private Security, Public Order: The Outsourcing of Public Services and Its Limits (Oxford: Oxford University Press 2009)Google Scholar

Cordero-Moss, G., ‘Conclusion: The Self-Sufficient Contract, Uniformly Interpreted on the Basis of Its Own Terms: An Illusion, But Not Fully Useless’ in Cordero-Moss, G. (ed.), Boilerplate Clauses, International Commercial Contracts and the Applicable Law (Cambridge: Cambridge University Press 2011)Google Scholar

Cordero-Moss, G., ‘Contract Practice and Its Expectations in Terms of the Governing Law’ in Cordero-Moss, G. (ed.), International Commercial Contracts: Applicable Sources and Enforceability (Cambridge: Cambridge University Press 2014)Google Scholar

Cordero-Moss, G., ‘The Impact of the Governing Law’ in Cordero-Moss, G. (ed.), International Commercial Contracts: Applicable Sources and Enforceability (Cambridge: Cambridge University Press 2014)Google Scholar

Corthaut, T. and others, ‘Operationalizing Accountability in Respect of Informal International Lawmaking Mechanisms’ in Pauwelyn, J., Wessel, R., and Wouters, J. (eds.), Informal International Lawmaking (Oxford: Oxford University Press 2012)Google Scholar

Cottrell, M., ‘Legitimacy and Institutional Replacement’ in Cottrell, M. P. (ed.), The Evolution and Legitimacy of International Security Institutions (Cambridge: Cambridge University Press 2016)Google Scholar

Cunningham, A. and Reed, C., ‘Consumer Protection in Cloud Environments’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Czerniawski, M., ‘Extraterritoriality in the Age of the Equipment-Based Society. Do We Need the “Use of Equipment” as a Factor for the Territorial Applicability of the EU Data Protection Regime?’ in Svantesson, D. and Kloza, D. (eds.), European Integration and Democracy Series, vol. 4 (Cambridge: Intersentia 2017)Google Scholar

Davies, A., The Public Law of Government Contracts (Oxford: Oxford University Press 2008)Google Scholar

DiMatteo, L., Zhou, Q., and Saintier, S., ‘Transatlantic Perspectives’ in Rowley, K. and others (eds.), Commercial Contract Law: Transatlantic Perspectives (Cambridge: Cambridge University Press 2013)Google Scholar

Dobinson, I. and Johns, F., ‘Qualitative Legal Research’ in McConville, M. and Chui, W. H. (eds.), Research Methods for Law (Edinburgh: Edinburgh University Press 2007)Google Scholar

Donahue, J., ‘The Transformation of Government Work: Causes, Consequences, and Distortions’ in Freeman, J. and Minow, M. (eds.), Government by Contract: Outsourcing and American Democracy (Cambridge, MA: Harvard University Press 2009)Google Scholar

Dziminski, B. and Gleeson, N. C., ‘Legal Aspects of Cloud Accountability’ in Felici, M. and Fernández-Gago, C. (eds.), Accountability and Security in the Cloud: First Summer School, Cloud Accountability Project, A4Cloud, Malaga, Spain, June 2–6, 2014, Revised Selected Papers and Lectures (Cham: Springer International 2015)Google Scholar

Egea, M. and others, ‘Definition of Data Sharing Agreements: The Case of Spanish Data Protection Law’ in Felici, M. and Fernández-Gago, C. (eds.), Accountability and Security in the Cloud: First Summer School, Cloud Accountability Project, A4Cloud, Malaga, Spain, June 2–6, 2014, Revised Selected Papers and Lectures (Cham: Springer International 2015)Google Scholar

Esayas, S., Mahler, T., and McGillivray, K., ‘Is a Picture Worth a Thousand Terms? Visualising Contract Terms and Data Protection Requirements for Cloud Computing Users’ in Casteleyn, S., Dolog, P., and Pautasso, C. (eds.), Current Trends in Web Engineering: ICWE 2016 International Workshops, DUI, TELERISE, SoWeMine, and Liquid Web, Lugano, Switzerland, June 6-9, 2016. Revised Selected Papers (Cham: Springer International 2016)Google Scholar

Fawcett, J. J., Harris, J., and Bridge, M., International Sale of Goods in the Conflict of Laws (Oxford: Oxford University Press 2005)Google Scholar

Feldman, S., Government Contracts in a Nutshell (Saint Paul, MN: West Academic 2015)Google Scholar

Ferguson, I., ‘Outsourcing Contract Structures’ in Jongen, H. (ed.), International Outsourcing Law and Practice (Alphen aan den Rijn: Kluwer Law International 2008)Google Scholar

Forgó, N., Hänold, S., and Schütze, B., ‘The Principle of Purpose Limitation and Big Data’ in Corrales, M., Fenwick, M., and Forgó, N. (eds), New Technology, Big Data and the Law (Singapore: Springer 2017)Google Scholar

Freeman, J. and Minow, M., ‘Introduction: Reframing the Outsourcing Debates’ in Freeman, J. and Minow, M. (eds.), Government by Contract: Outsourcing and American Democracy (Cambridge, MA: Harvard University Press 2009)Google Scholar

Gandal, N. and Régibeau, P., ‘Standard-Setting Organisations’ in Delimatsis, P. (ed.), The Law, Economics and Politics of International Standardisation (Cambridge: Cambridge University Press 2015)Google Scholar

Garner, B. (ed.), Black’s Law Dictionary (10th ed., Eagan, MN: Thomson West 2014)Google Scholar

Gellman, R. and Dixon, P., ‘Failures of Privacy Self-Regulation in the United States’ in Wright, D. and De Hert, P. (eds.), Enforcing Privacy: Regulatory, Legal and Technological Approaches (Cham: Springer International 2016)Google Scholar

Georgieva, I., ‘The EU Principles in Public Procurement. Transparency – Origin and Main Characteristics’ in Georgieva, I. (ed.), Using Transparency against Corruption in Public Procurement: A Comparative Analysis of the Transparency Rules and Their Failure to Combat Corruption (Cham: Springer 2017)Google Scholar

Greenleaf, G., Asian Data Privacy Laws: Trade & Human Rights Perspectives (Oxford: Oxford University Press 2014)Google Scholar

Hagstrøm, V., ‘The Nordic Tradition: Application of Boilerplate Clauses under Norwegian Law’ in Cordero-Moss, G. (ed.), Boilerplate Clauses, International Commercial Contracts and the Applicable Law (Cambridge: Cambridge University Press 2011)Google Scholar

Halliday, T. and Shaffer, G., ‘Transnational Legal Orders’ in Halliday, T. C. and Shaffer, G. (eds.), Transnational Legal Orders (Cambridge: Cambridge University Press 2015)Google Scholar

Hippelainen, L., Oliver, I., and Lal, S., ‘Towards Dependably Detecting Geolocation of Cloud Servers’ in Yan, Z. and others (eds.), Network and System Security (Cham: Springer 2017)Google Scholar

Hon, W. K., Data Localization Laws and Policy: The EU Data Protection International Transfers Restriction through a Cloud Computing Lens (Cheltenham: Edward Elgar 2017)Google Scholar

Hon, W. K. and Millard, C., ‘Cloud Technologies and Services’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Hon, W. K., Millard, C., and Walden, I., ‘Negotiated Contracts for Cloud Services’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Hon, W. K., Millard, C., and Walden, I., ‘Public Sector Cloud Contracts’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Hon, W. K., Millard, C., and Walden, I., ‘What is Regulated as Personal Data in Clouds?’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Hon, W. K., Hörnle, J., and Millard, C., ‘Which Law(s) Apply to Personal Data in Clouds?’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Hoofnagle, C., Federal Trade Commission Privacy Law and Policy (Cambridge: Cambridge University Press 2016)Google Scholar

Kelman, S., ‘Federal Contracting in Context: What Drives It, How to Improve It’ in Freeman, J. and Minow, M. (eds.), Government by Contract: Outsourcing and American Democracy (Cambridge, MA: Harvard University Press 2009)Google Scholar

Kimball, G., Outsourcing Agreements: A Practical Guide (Oxford: Oxford University Press 2010)Google Scholar

Klass, G., Contract Law in the United States (2nd ed., Alphen aan den Rijn: Kluwer Law International 2012)Google Scholar

Koops, B.-J. and others, ‘Should Self-Regulation be the Starting Point?’ in Koops, B.-J. and others (eds.), Starting Points for ICT Regulation: Deconstructing Prevalent Policy One-liners (Den Haag, Netherlands: T.M.C. Asser 2006)Google Scholar

Kosta, E. and Stuurman, K., ‘Technical Standards and the Draft General Data Protection Regulation’ in Delimatsis, P. (ed.), The Law, Economics and Politics of International Standardisation (Cambridge: Cambridge University Press 2015)Google Scholar

Kuner, C., ‘Applicable Law, Extraterritoriality, and Transborder Data Flows’ in Transborder Data Flows and Data Privacy Law (Oxford: Oxford University Press 2013)Google Scholar

Lee, N., ‘Social Networks and Privacy’ in Lee, N. (ed.), Facebook Nation (New York: Springer-Verlag 2013)Google Scholar

Lessig, L., Code: Version 2.0 (New York: Basic Books 2006)Google Scholar

Lord, R. A., Williston on Contracts (4th ed., London: Sweet & Maxwell 1993)Google Scholar

Lynskey, O., The Foundations of EU Data Protection Law (Oxford: Oxford University Press 2015)Google Scholar

Marsden, C. T., Internet Co-Regulation: European Law, Regulatory Governance and Legitimacy in Cyberspace (Cambridge: Cambridge University Press 2011)Google Scholar

Mendelson, N., ‘Six Simple Steps to Increase Contractor Accountability’ in Freeman, J. and Minow, M. (eds.), Government by Contract: Outsourcing and American Democracy (Cambridge, MA: Harvard University Press 2009)Google Scholar

Merry, S., ‘Firming Up Soft Law’ in Halliday, T. C. and Shaffer, G. (eds.), Transnational Legal Orders (Cambridge: Cambridge University Press 2015)Google Scholar

Metheny, M., Federal Cloud Computing: The Definitive Guide for Cloud Service Providers (Cambridge, MA: Elsevier Science 2012)Google Scholar

Millard, C. and Kamarinou, D., ‘Article 28. Processor’ in Kuner, C., Bygrave, L., Docksey, C., and Drechsler, L. (eds.), The EU General Data Protection Regulation (GDPR): A Commentary (Oxford: Oxford University Press, 2020)Google Scholar

Miller, L., The Emergence of EU Contract Law: Exploring Europeanization (Oxford: Oxford University Press 2011)Google Scholar

Miller, L., ‘The Notion of Europeanization and the Significance of Transnational Private Lawmaking’ in Miller, L. (ed.), The Emergence of EU Contract Law: Exploring Europeanization (Oxford: Oxford University Press 2011)Google Scholar

Mills, A., ‘Public International Law and Private International Law’ in Basedow, J. and others (eds.), Encyclopedia of Private International Law (Cheltenham: Edward Elgar 2017)Google Scholar

Moerel, L., Binding Corporate Rules: Corporate Self-Regulation of Global Data Transfers (Oxford: Oxford University Press 2012)Google Scholar

Morgan, R. and Burden, K., Morgan and Burden on Computer Contracts (8th ed., London: Sweet & Maxwell Thomson Reuters 2009)Google Scholar

Negroponte, N., Being Digital (London: Hodder and Stoughton 1996)Google Scholar

Ojanen, T., ‘Rights-Based Review of Electronic Surveillance after Digital Rights Ireland and Schrems in the European Union’ in Cole, D., Fabbrini, F., and Schulhofer, S. (eds.), Surveillance, Privacy and Trans-Atlantic Relations, vol. 1 (Oxford: Hart 2017)Google Scholar

Pannetrat, A. and Luna, J., ‘Standards for Accountability in the Cloud’ in Felici, M. and Fernández-Gago, C. (eds.), Accountability and Security in the Cloud: First Summer School, Cloud Accountability Project, A4Cloud, Malaga, Spain, June 2–6, 2014, Revised Selected Papers and Lectures (Cham: Springer International 2015)Google Scholar

Peel, E., ‘The Common Law Tradition: Application of Boilerplate Clauses under English Law’ in Cordero-Moss, G. (ed.), Boilerplate Clauses, International Commercial Contracts and the Applicable Law (Cambridge: Cambridge University Press 2011)Google Scholar

Polčák, R. and Svantesson, D. J. B., Information Sovereignty: Data Privacy, Sovereign Powers and the Rule of Law (Cheltenham: Edward Elgar 2017)Google Scholar

Reed, C., ‘Cloud Governance: The Way Forward’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Reed, C., Making Laws for Cyberspace (Oxford: Oxford University Press 2012)Google Scholar

Reich, N., ‘The Public/Private Divide in European Law’ in Micklitz, H.-W. and Cafaggi, Fo (eds.), European Private Law after the Common Frame of Reference (Cheltenham: Edward Elgar 2010)Google Scholar

Rotenberg, M., ‘In re EPIC and the Role of NGOs and Experts in Surveillance Cases’ in Cole, D., Fabbrini, F., and Schulhofer, S. (eds.), Surveillance, Privacy and Trans-Atlantic Relations (Oxford: Hart 2017)Google Scholar

Rubinstein, I., Nojeim, G. T., and Lee, R. D., ‘Systematic Government Access to Private-Sector Data’ in Cate, F. H. and Dempsey, J. X. (eds.), Bulk Collection: Systematic Government Access to Private-Sector Data (Oxford: Oxford University Press 2017)Google Scholar

Ruiz, J. and others, ‘A Lifecycle for Data Sharing Agreements: How it Works Out’ in Schiffner, S. and others (eds.), Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science, vol. 9857 (Cham: Springer 2016)Google Scholar

Ruparelia, N., Cloud Computing (Cambridge, MA: MIT Press 2016)Google Scholar

Ryngaert, C., Jurisdiction in International Law (Oxford: Oxford University Press 2008)Google Scholar

Sanz-Requena, R. and others, ‘A Cloud-Based Radiological Portal for the Patients: IT Contributing to Position the Patient as the Central Axis of the 21st Century Healthcare Cycles’ in 2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity (IEEE Press 2015)Google Scholar

Soloway, S. and Chvotkin, A., ‘Federal Contracting in Context: What Drives It, How to Improve It’ in Freeman, J. and Minow, M. (eds.), Government by Contract: Outsourcing and American Democracy (Cambridge, MA: Harvard University Press 2009)Google Scholar

Spagnoli, F., Bellini, F., and Ghi, A., ‘A Methodology for the Impact Assessment of a G-Cloud Strategy for the Italian Ministry of the Economic Development’ in Rossignoli, C, Gatti, M, and Agrifoglio, R (eds), Organizational Innovation and Change: Managing Information and Technology (Cham: Springer International 2016)Google Scholar

Statsky, W., West’s Legal Thesaurus/Dictionary (Special deluxe ed., Eagan, MN: Thomson West 1986)Google Scholar

Svantesson, D., Extraterritoriality in Data Privacy Law (Copenhagen: Ex Tuto 2013)Google Scholar

Svantesson, D., Solving the Internet Jurisdiction Puzzle (Oxford: Oxford University Press 2017)Google Scholar

Swire, P., ‘US Surveillance Law, Safe Harbour and Reforms Since 2013’ in Kloza, D. and Svantesson, D. (eds.) Trans-Atlantic Data Privacy Relations as a Challenge for Democracy, vol. 4 (Cambridge: Intersentia 2017)Google Scholar

Taylor, L., FISMA Compliance Handbook: Second Edition (Burlington, MA: Elsevier Science 2013)Google Scholar

Tollen, D., The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople (Chicago, IL: American Bar Association 2016)Google Scholar

Treitel, G. H., The Law of Contract (8th ed., London: Sweet & Maxwell 1991)Google Scholar

Tzanou, M., The Fundamental Right to Data Protection: Normative Value in the Context of Counter-terrorism Surveillance (Portland: Hart 2017)Google Scholar

Tønseth, M. and others, Personvernhåndboken (Oslo: Gyldendal juridisk 2016)Google Scholar

Ustaran, E., ‘The Scope of Application of EU Data Protection Law and Its Extraterritorial Reach’ in Noriswadi, I., Cieh, Y., and Lee, E. (eds.), Beyond Data Protection: Strategic Case Studies and Practical Guidance (Heidelberg: Springer 2013)Google Scholar

Velasco, C., Hörnle, J., and Osula, A.-M., ‘Global Views on Internet Jurisdiction and Trans-border Access’ in Gutwirth, S., Leenes, R., and De Hert, P. (eds.), Data Protection on the Move: Current Developments in ICT and Privacy/Data Protection (Dordrecht: Springer 2016)Google Scholar

Vermeulen, G., ‘The Paper Shield: On the Degree of Protection of the EU-US Privacy Shield against Unnecessary or Disproportionate Data Collection by the US Intelligence and Law Enforcement Services’ in Kloza, D. and Svantesson, D. (eds.), Trans-Atlantic Data Privacy Relations as a Challenge for Democracy, vol. 4 (Cambridge: Intersentia 2017)Google Scholar

Vettese, M., ‘Multinational Companies and National Contracts’ in Cordero-Moss, G. (ed.), Boilerplate Clauses, International Commercial Contracts and the Applicable Law (Cambridge: Cambridge University Press 2011)Google Scholar

Voigt, P. and von dem Bussche, A., The EU General Data Protection Regulation (GDPR) (Cham: Springer 2017)Google Scholar

Wagle, S., ‘Cloud Computing Contracts’ in Lehmann, A. and others (eds.), Privacy and Identity Management Facing up to Next Steps: 11th IFIP WG 92, 95, 96/117, 114, 116/SIG 922 International Summer School, Karlstad, Sweden, August 21–26, 2016, Revised Selected Papers (Cham: Springer International 2016)Google Scholar

Walden, I., ‘Telecommunications Law and Regulation: An Introduction’ in Walden, I. (ed.), Telecommunications Law and Regulation (Oxford: Oxford University Press 2009)Google Scholar

Walden, I. and Da Correggio Luciano, L., ‘Facilitating Competition in the Clouds’ in Millard, C. (ed.), Cloud Computing Law (Oxford: Oxford University Press 2013)Google Scholar

Wang, F., Internet Jurisdiction and Choice of Law: Legal Practices in the EU, US and China (Cambridge: Cambridge University Press 2010)Google Scholar

Weber, R. H. and Staiger, D., Transatlantic Data Protection in Practice (Cham: Springer 2017)Google Scholar

Weinrib, E., The Idea of Private Law (Oxford: Oxford University Press 2013)Google Scholar

Weinstein, S. and Wild, C., ‘Developing the Right Formula for Successful Legal Risk Management, Governance and Compliance’ in Weinstein, S. and Wild, C. (eds.), Legal Risk Management, Governance and Compliance: A Guide to Best Practice From Leading Experts (London: Globe Law and Business 2013)Google Scholar

Weitzenböck, E., A Legal Framework for Emerging Business Models: Dynamic Networks as Collaborative Contracts (Cheltenham: Edward Elgar 2012)Google Scholar

Wilderspin, M., ‘Contractual Obligations’ in Basedow, J. and others (eds.), Encyclopedia of Private International Law (Cheltenham: Edward Elgar 2017)Google Scholar

Wilderspin, M., ‘Overriding Mandatory Provisions’ in Basedow, J. and others (eds.), Encyclopedia of Private International Law (Cheltenham: Edward Elgar 2017)Google Scholar

Yoo, C., ‘Cloud Computing, Contractibility, and Network Architecture’ in Yoo, C. S. and Blanchette, J.-F. (eds.), Regulating the Cloud: Policy for Computing Infrastructure (Cambridge, MA: MIT Press 2015)Google Scholar

Yoo, C. and Blanchette, J.-F., Regulating the Cloud: Policy for Computing Infrastructure (Cambridge, MA: MIT Press 2015)Google Scholar

Aitchison, S., ‘Privacy in the Cloud: The Fourth Amendment Fog’ (2018) 93 Washington Law Review 1019Google Scholar

Alonso, J., Escalante, M., and Orue-Echevarria, L., ‘Transformational Cloud Government (TCG): Transforming Public Administrations with a Cloud of Public Services’ (2016) 97 Procedia Computer Science 43Google Scholar

Alsenoy, B., ‘Liability under EU Data Protection Law: From Directive 95/46 to the General Data Protection Regulation’ (2017) 7 Journal of Intellectual Property, Information Technology and e-Commerce Law 271Google Scholar

Aman, A. and Dugan, J. C., ‘The Human Side of Public-Private Partnerships: From New Deal Regulation to Administrative Law Management’ (2017) 102 Iowa Law Review 883Google Scholar

Amoore, L., ‘Cloud Geographies: Computing, Data, Sovereignty’ (2018) 42 Progress in Human Geography 4Google Scholar

Andrews, D. C. and Newman, J. M., ‘Personal Jurisdiction and Choice of Law in the Cloud’ (2013) 73 Maryland Law Review 58Google Scholar

Arsham, B., ‘Monetizing Infringement: A New Legal Regime for Hosts of User-Generated Content’ (2013) 101 Georgetown Law Journal 28Google Scholar

Auty, M. and others, ‘Inadequacies of Current Risk Controls for the Cloud’ (2010) 2nd IEEE International Conference on Cloud Computing Technology and Science, Indianapolis, IN, 659Google Scholar

Bamberger, K. and Mulligan, D. K., ‘Privacy on the Books and on the Ground’ (2011) 63 Stanford Law Review 247Google Scholar

Bender, D., ‘Having Mishandled Safe Harbor, Will the CJEU Do Better with Privacy Shield? A US Perspective’ (2016) 6 International Data Privacy Law 117Google Scholar

Bender, S., ‘Privacy in the Cloud Frontier: Abandoning the “Take It or Leave It” Approach’ (2011) 4 Drexel Law Review 27Google Scholar

Bilgic, S., ‘Something Old, Something New, and Something Moot: The Privacy Crisis under the Cloud Act’ (2018) 32 Harvard Journal of Law & Technology 321Google Scholar

Black, J., ‘Constructing and Contesting Legitimacy and Accountability in Polycentric Regulatory Regimes’ (2008) 2 Regulation & Governance 137Google Scholar

Black, J., ‘“Says Who?” Liquid Authority and Interpretive Control in Transnational Regulatory Regimes’ (2017) 9 International Theory 286Google Scholar

Blackman, J. and others, ‘Cloud Act Establishes Framework to Access Overseas Stored Electronic Communications’ (2018) 30 Intellectual Property & Technology Law Journal 10Google Scholar

Blair, M. and others, ‘Outsourcing, Modularity, and the Theory of the Firm’ (2011) 2011 Brigham Young University Law Review 263Google Scholar

Blume, P., ‘Controller and Processor: Is There a Risk of Confusion?’ (2013) 3 International Data Privacy Law 140Google Scholar

Bolin, R., ‘Risky Mail: Concerns in Confidential Attorney-Client Email’ (2012) 81 University of Cincinnati Law Review 601Google Scholar

Bolognini, L. and Bistolfi, C., ‘Pseudonymization and Impacts of Big (Personal/Anonymous) Data Processing in the Transition from the Directive 95/46/EC to the New EU General Data Protection Regulation’ (2017) 33 Computer Law & Security Review 171Google Scholar

Bougiakiotis, E., ‘The Enforcement of the Google Spain Ruling’ (2016) 24 International Journal of Law and Information Technology 311Google Scholar

Boyne, S., ‘Data Protection in the United States’ (2018) 66 American Journal of Comparative Law 299Google Scholar

Brookman, J., ‘Protecting Privacy in an Era of Weakening Regulation. The Consumer Always Has Rights: Envisioning a Progressive Free Market’ (2015) 9 Harvard Law & Policy Review 355Google Scholar

Brown, K., ‘Outsourcing, Data Insourcing, and the Irrelevant Constitution’ (2015) 49 Georgia Law Review 607Google Scholar

Bygrave, L., ‘Data Protection by Design and by Default: Deciphering the EU’s Legislative Requirements’ (2017) 2 Oslo Law Review 105Google Scholar

Cafaggi, F., ‘New Foundations of Transnational Private Regulation’ (2011) 38 Journal of Law and Society 20Google Scholar

Cafaggi, F., ‘Transnational Private Regulation and the Production of Global Public Goods and Private “Bads”’ (2012) 23 European Journal of International Law 695Google Scholar

Calloway, T., ‘Cloud Computing, Clickwrap Agreements, and Limitation on Liability Clauses: A Perfect Storm’ (2012) 11 Duke Law & Technology Review 163Google Scholar

Canuel, E., ‘Comparative Commercial Law: Methodologies, Black Letter Law and Law-in-Action’ (2012) 2012 Nordic Journal of Commercial Law 1Google Scholar

Carmeli, D., ‘Keep an I on the Sky: E-discovery Risks Forecasted for Apple’s iCloud’ (2013) Boston College Intellectual Property and Technology Forum 34Google Scholar

Carpenter, R. Jr., ‘Walking from Cloud to Cloud: The Portability Issue in Cloud Computing’ (2010) 6 Washington Journal of Law, Technology & Arts 9Google Scholar

Cate, F. and Mayer-Schönberger, V., ‘Notice and Consent in a World of Big Data’ (2013) 3 International Data Privacy Law 67Google Scholar

Cate, F. and others, ‘Systematic Government Access to Private-sector Data’ (2012) 2 International Data Privacy Law 195Google Scholar

Celestine, C., ‘Cloudy Skies, Bright Futures? In Defense of a Private Regulatory Scheme for Policing Cloud Computing’ (2013) 2013 University of Illinois Journal of Law Technology and Policy 141Google Scholar

Chesterman, S., ‘“We Can’t Spy … If We Can’t Buy!”: The Privatization of Intelligence and the Limits of Outsourcing “Inherently Governmental Functions”’ (2008) 19 European Journal of International Law 1055Google Scholar

Citron, D., ‘The Privacy Policymaking of State Attorneys General’ (2016) 92 Notre Dame Law Review 747–816Google Scholar

Clarke, R., ‘Data Risks in the Cloud’ (2013) 8 Journal of Theoretical and Applied Electronic Commerce Research (JTAER) 60–74 www.rogerclarke.com/II/DRC.htmlGoogle Scholar

Clopton, Z., ‘Territoriality, Technology, and National Security’ (2016) 83 University of Chicago Law Review 45Google Scholar

Colangelo, A., ‘What Is Extraterritorial Jurisdiction’ (2014) 99 Cornell Law Review 1303Google Scholar

Colarusso, D., ‘Heads in the Cloud, A Coming Storm: The Interplay of Cloud, Encryption, and the Fifth Amendment’s Protection against Self-Incrimination’ (2011) 17 Boston University Journal of Science & Technology Law 69Google Scholar

Cook, C., ‘Cross-Border Data Access and Active Cyber Defense: Assessing Legislative Options for a New International Cybersecurity Rulebook’ (2018) 29 Stanford Law & Policy Review 205Google Scholar

Cordero-Moss, G., ‘International Contracts between Common Law and Civil Law: Is Non-State Law to Be Preferred? The Difficulty of Interpreting Legal Standards Such as Good Faith’ (2007) 7 Global Jurist 3Google Scholar

Cordero-Moss, G., ‘Limits to Party Autonomy in International Commercial Arbitration’ (2014) 1 Oslo Law Review 47Google Scholar

Custers, B. and Uršič, H., ‘Big Data and Data Reuse: A Taxonomy of Data Reuse for Balancing Big Data Benefits and Personal Data Protection’ (2016) 6 International Data Privacy Law 4Google Scholar

Daley, M., Bennett, S. C., and Gerlach, N., ‘Storm Clouds Gathering for Cross-Border Discovery and Data Privacy: Cloud Computing Meets the U.S.A. Patriot Act’ (2012) 13 Sedona Conference Journal 20Google Scholar

Danaher, B. and Smith, M. D., ‘Gone in 60 Seconds: The Impact of the Megaupload Shutdown on Movie Sales’ (2014) 33 International Journal of Industrial Organization 1Google Scholar

Daskal, J., ‘Microsoft Ireland, the CLOUD Act, and International Lawmaking 2.0’ (2018) 71 Stanford Law Review Online 9Google Scholar

Daskal, J., ‘The Un-Territoriality of Data’ (2015) 125 Yale Law Journal 326Google Scholar

Datesh, A., ‘Storms Brewing in the Cloud: Why Copyright Law Will Have to Adapt to the Future of Web 2.0’ (2012) 40 American Intellectual Property Law Association Quarterly Journal 30Google Scholar

De Filippi, P. and McCarthy, S., ‘Cloud Computing: Centralization and Data Sovereignty’ (2012) 3 European Journal of Law and Technology 1Google Scholar

Deeks, A., ‘An International Legal Framework for Surveillance’ (2015) 55 Virginia Journal of International Law 291Google Scholar

Delic, E., ‘Cloudy Jurisdiction: Foggy Skies in Traditional Jurisdiction Create Unclear Legal Standards for Cloud Computing and Technology’ (2017) 50 Suffolk University Law Review 32Google Scholar

Dietz, T., ‘Contract Law, Relational Contracts, and Reputational Networks in International Trade: An Empirical Investigation into Cross-Border Contracts in the Software Industry’ (2011) 37 Law and Social Inquiry 25Google Scholar

Diorio, S., ‘Data Protection Laws: Quilts Versus Blankets’ (2015) 42 Syracuse Journal of International Law and Commerce 485Google Scholar

Easterbrook, F. H., ‘Cyberspace and the Law of the Horse’ (1996) 1996 University of Chicago Legal Forum 207Google Scholar

Edwards, C., ‘Freedom of Contract and Fundamental Fairness for Individual Parties: The Tug of War Continues’ (2009) 77 University of Missouri-Kansas City Law Review 647Google Scholar

El Emam, K. and Álvarez, C., ‘A Critical Appraisal of the Article 29 Working Party Opinion 05/2014 on Data Anonymization Techniques’ (2015) 5 International Data Privacy Law 73Google Scholar

El-Gazzar, R., Hustad, E., and Olsen, D. H., ‘Understanding Cloud Computing Adoption Issues: A Delphi Study Approach’ (2016) 118 Journal of Systems and Software 64Google Scholar

Elvy, S., ‘Hybrid Transactions and the Internet of Things: Goods, Services, or Software?’ (2017) 74 Washington and Lee Law Review 77Google Scholar

Emmanuel, J. and Caral, E. A., ‘Lessons from ICANN: Is Self-Regulation of the Internet Fundamentally Flawed?’ (2004) 12 International Journal of Law and Information Technology 1Google Scholar

Epstein, D. and others, ‘An “App” for Third Party Beneficiaries’ (2016) 91 Washington Law Review 1663Google Scholar

Epstein, W., ‘Contract Theory and the Failures of Public-Private Contracting’ (2013) 34 Cardozo Law Review 2211Google Scholar

Esayas, S., ‘A Walk into the Cloud and Cloudy it Remains: The Challenges and Prospects of “Processing” and “Transferring” Personal Data’ (2012) 28 Computer Law & Security Review 662Google Scholar

Esayas, S., ‘The Idea of “Emergent Properties” in Data Privacy: Towards a Holistic Approach’ (2017) 25 International Journal of Law and Information Technology 139Google Scholar

Esayas, S., ‘The Role of Anonymisation and Pseudonymisation under the EU Data Privacy Rules: Beyond the “All or Nothing” Approach’ (2015) 6(2) European Journal of Law and Technology 5Google Scholar

Faulkenberry, R., ‘Reviewing and Negotiating Cloud Computing Vendor Contracts’ (2013) 6 Journal of Health & Life Sciences Law 21Google Scholar

Foster, N., ‘Navigating through the Fog of Cloud Computing Contracts’ (2013) 30 Journal of Information Technology & Privacy Law 13Google Scholar

Freiwald, S. and Smith, S., ‘The Carpenter Chronicle: A Near-Perfect Surveillance’ (2018) 132 Harvard Law Review 205Google Scholar

Friendler, E., ‘Protecting the Innocent - the Need to Adapt Federal Asset Forfeiture Laws to Protect the Interest of Third Parties in Digital Asset Seizures’ (2013) 32 Cardozo Arts and Entertainment Law Journal 283Google Scholar

Froomkin, A., ‘Lessons Learned Too Well: Anonymity in a Time of Surveillance’ (2017) 59 Arizona Law Review 66Google Scholar

Geis, G., ‘Business Outsourcing and the Agency Cost Problem’ (2007) 82 Notre Dame Law Review 955Google Scholar

Gervais, D. and Hyndman, D., ‘Cloud Control: Copyright, Global Memes and Privacy’ (2011) 10 Journal on Telecommunications and High Technology Law 53Google Scholar

Gleeson, N. and Walden, I., ‘“It’s a Jungle Out There”?: Cloud Computing, Standards and the Law’ (2014) 5 European Journal of Law and Technology 683Google Scholar

Gleeson, N. and Walden, I., ‘Placing the State in the Cloud: Issues of Data Governance and Public Procurement’ (2016) 32 Computer Law & Security Review 683Google Scholar

Gottschalk, P. and Solli-Sæther, H., ‘Critical Success Factors from IT Outsourcing Theories: An Empirical Study’ (2005) 105 Industrial Management & Data Systems 685Google Scholar

Gray, A., ‘Conflict of Laws and the Cloud’ (2013) 29 Computer Law & Security Review 58Google Scholar

Gstrein, O. and Ritsema van Eck, G., ‘Mobile Devices as Stigmatizing Security Sensors: The GDPR and a Future of Crowdsourced “Broken Windows”’ (2018) 8 International Data Privacy Law 69Google Scholar

Hall, H., ‘Restoring Dignity and Harmony to United States-European Union Data Protection Regulation’ (2018) 23 Communication Law and Policy 125Google Scholar

Harris, D., ‘Riley v. California and the Beginning of the End for the Third-Party Search Doctrine’ (2016) 18 University of Pennsylvania Journal of Constitutional Law 895Google Scholar

Harshbarger, J., ‘Cloud Computing Providers and Data Security Law: Building Trust with United States Companies’ (2011) 16 Journal of Technology Law & Policy 20Google Scholar

Hartzog, W., ‘The Inadequate, Invaluable Fair Information Practices’ (2017) 76 Maryland Law Review 33Google Scholar

Hartzog, W. and Solove, D., ‘The Scope and Potential of FTC Data Protection’ (2015) 83 George Washington Law Review 2230Google Scholar

Hayes, C., Kesan, J. P., and Bashir, M. N., ‘Cloud Services, Contract Terms, and Legal Rights’ (2013) 17 Journal of Internet Law 18Google Scholar

Henry, L., ‘Information Privacy and Data Security’ (2015) 2015 Cardozo Law Review De Novo 107Google Scholar

de Hert, P. and Czerniawski, M., ‘Expanding the European Data Protection Scope Beyond Territory: Article 3 of the General Data Protection Regulation in its Wider Context’ (2016) 6 International Data Privacy Law 230Google Scholar

de Hert, P., Papakonstantinou, V., and Kamara, I., ‘The Cloud Computing Standard ISO/IEC 27018 through the Lens of the EU Legislation on Data Protection’ (2016) 32 Computer Law and Security Review 16Google Scholar

Hill, J. W. and others, ‘A Proposed National Health Information Network Architecture and Complementary Federal Preemption of State Health Information Privacy Laws’ (2011) 48 American Business Law Journal 503Google Scholar

Hojnik, J., ‘Technology Neutral EU Law: Digital Goods Within the Traditional Goods/Services Distinction’ (2016) 25 International Journal of Law and Information Technology 63Google Scholar

Hon, W. K., Millard, C., and Walden, I., ‘Negotiating Cloud Contracts: Looking at Clouds from Both Sides Now’ (2012) 16 Stanford Technology Law Review 79Google Scholar

Hon, W. K. and others, ‘Policy, Legal and Regulatory Implications of a Europe-Only Cloud’ (2016) 24 International Journal of Law and Information Technology 25Google Scholar

Hon, W. K. and others, ‘Cloud Accountability: The Likely Impact of the Proposed EU Data Protection Regulation’ (2014) Queen Mary School of Law Legal Studies Research Paper No. 172/2014; Tilburg Law School Research Paper No. 07/2014 http://dx.doi.org/10.2139/ssrn.2405971Google Scholar

Hoofnagle, C. and Whittington, J., ‘Free: Accounting for the Costs of the Internet’s Most Popular Price’ (2014) 61 University of California Los Angeles Law Review 606Google Scholar

Hutchinson, T. and Duncan, N., ‘Defining and Describing What We Do: Doctrinal Legal Research’ (2012) 17 Deakin Law Review 83Google Scholar

Irion, K., ‘Government Cloud Computing and National Data Sovereignty’ (2012) 4 Policy & Internet 40Google Scholar

Irion, K., ‘Your Digital Home is No Longer Your Castle: How Cloud Computing Transforms the (Legal) Relationship between Individuals and Their Personal Records’ (2015) 23 International Journal of Law and Information Technology 348Google Scholar

Ismail, U. and others, ‘A Framework for Security Transparency in Cloud Computing’ (2016) 8 Future Internet 5Google Scholar

Johnson, E., ‘Lost in the Cloud: Cloud Storage, Privacy, and Suggestions for Protecting Users’ Data’ (2017) 69 Stanford Law Review 867Google Scholar

Joint, A. and Baker, E., ‘Knowing the Past to Understand the Present – Issues in the Contracting for Cloud Based Services’ (2011) 27 Computer Law & Security Review 407Google Scholar

Kalinich, D. and others, ‘Data Sovereignty and the Cloud: A Board and Executive Officer’s Guide’ (2013) 1 Cyberspace Law and Policy Centre, UNSW Faculty of Law 1 www.cyberlawcentre.org/data_sovereignty/CLOUD_DataSovReport_Full.pdfGoogle Scholar

Kamarinou, D., Millard, C., and Hon, W. K., ‘Cloud Privacy: An Empirical Study of 20 Cloud Providers’ Terms and Privacy Policies – Part I’ (2016) 6 International Data Privacy Law 79Google Scholar

Kamarinou, D., Millard, C., and Hon, W. K., ‘Cloud Privacy: An Empirical Study of 20 Cloud Providers’ Terms and Privacy Policies – Part II’ (2016) 6 International Data Privacy Law 170Google Scholar

Kamarinou, D., Millard, C., and Oldani, I., ‘Compliance as a Service’ (2018) Queen Mary School of Law Legal Studies Research Paper No. 287/2018Google Scholar

Kerr, O., ‘A User’s Guide to the Stored Communications Act and a Legislator’s Guide to Amending It’ (2003) 72 George Washington Law Review 1208Google Scholar

Kerr, O., ‘Searches and Seizures in a Digital World’ (2005) 119 Harvard Law Review 531Google Scholar

Kerr, O., ‘The Next Generation Communications Privacy Act’ (2014) 162 University of Pennsylvania Law Review 373Google Scholar

Kesan, J., Hayes, C. M., and Bashir, M. N., ‘Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency’ (2013) 70 Washington and Lee Law Review 341Google Scholar

King, V. and Raja, V. T., ‘Protecting the Privacy and Security of Sensitive Customer Data in the Cloud’ (2012) 28 Computer Law & Security Review 11Google Scholar

Kirschenbaum, A., ‘Beyond Microsoft: A Legislative Solution to the SCA’s Extraterritoriality Problem’ (2018) 86 Fordham Law Review 1923Google Scholar

Kokott, J. and Sobotta, C., ‘The Distinction between Privacy and Data Protection in the Jurisprudence of the CJEU and the ECtHR’ (2013) 3 International Data Privacy Law 222Google Scholar

Krebs, D., ‘Regulating the Cloud: A Comparative Analysis of the Current and Proposed Privacy Frameworks in Canada and the European Union’ (2012) 10 Canadian Journal of Law and Technology 1Google Scholar

Kuner, C., ‘Data Protection Law and International Jurisdiction on the Internet (Part I)’ (2010) 18 International Journal of Law and Information Technology 176Google Scholar

Kuner, C., ‘Extraterritoriality and Regulation of International Data Transfers in EU Data Protection Law’ (2015) 5 International Data Privacy Law 235Google Scholar

Kuner, C., ‘Regulation of Transborder Data Flows under Data Protection and Privacy Law: Past, Present, and Future’ (2010) TILT Law & Technology Working Paper 15 http://dx.doi.org/10.1787/5kg0s2fk315f-enGoogle Scholar

Lachaud, E., ‘Why the Certification Process Defined in the General Data Protection Regulation Cannot be Successful’ (2016) 32 Computer Law & Security Review 814Google Scholar

Lametti, D., ‘The Cloud: Boundless Digital Potential or Enclosure 3.0?’ (2012) 17 Virginia Journal of Law & Technology 192Google Scholar

Langvardt, A. and others, ‘A Proposed National Health Information Network, Architecture and Complementary Federal Preemption of State Health Information Privacy Laws’ (2011) 48 American Business Law Journal 548Google Scholar

LeSieur, F., ‘Regulating Cross-Border Data Flows and Privacy in the Networked Digital Environment and Global Knowledge Economy’ (2012) 2 International Data Privacy Law 93Google Scholar

Lessig, L., ‘The Law of the Horse: What Cyberlaw Might Teach’ (1999) 113 Harvard Law Review 501Google Scholar

Lindqvist, J., ‘New Challenges to Personal Data Processing Agreements: Is the GDPR Fit to Deal with Contract, Accountability and Liability in a World of the Internet of Things?’ (2017) 26 International Journal of Law and Information Technology 45Google Scholar

Lusch, S., ‘State Taxation of Cloud Computing’ (2013) 29 Santa Clara Computer & High Tech Law Journal 369Google Scholar

Macioce, D. Jr, ‘PII in Context: Video Privacy and a Factor-Based Test for Assessing Personal Information (Personally Identifiable Information)’ (2017) 45 Pepperdine Law Review 331Google Scholar

Marinho, C. and others, ‘Digital Content and Cloud-Based Contracts in Brazil and the European Union’ (2016) 24 International Journal of Law and Information Technology 99Google Scholar

Martin, B. and Newhall, J., ‘Criminal Copyright Enforcement against Filesharing Services’ (2013) 15 North Carolina Journal of Law & Technology 35Google Scholar

Martin, M., ‘HIPAA Compliant Clouds: A Reality That Should Not Become a Missed Opportunity by Health Care Providers’ (2014) 83 University of Missouri Kansas City Law Review 25Google Scholar

Matwyshyn, A., ‘Privacy the Hacker Way’ (2013) 87 Southern California Law Review 1Google Scholar

Matwyshyn, A., ‘The Law of the Zebra’ (2013) 28 Berkeley Technology Law Journal 155Google Scholar

Matzner, T., ‘Why Privacy is Not Enough Privacy in the Context of “Ubiquitous Computing” and “Big Data”’ (2014) 12 Journal of Information, Communication and Ethics in Society 93Google Scholar

Mazur, O., ‘Taxing the Cloud’ (2015) 103 California Law Review 1Google Scholar

McGillivray, K., ‘A Right too Far? Requiring Cloud Service Providers to Deliver Adequate Data Security to Consumers’ (2016) 25 International Journal of Law and Information Technology 25Google Scholar

McGillivray, K., ‘Conflicts in the Cloud: Contracts and Compliance with Data Protection Law in the EU’ (2014) 17 Tulane Journal of Technology and Intellectual Property 36Google Scholar

McGillivray, K., ‘FedRAMP, Contracts, and the US Federal Government’s Move to Cloud Computing: If an 800-pound Gorilla Can’t Tame the Cloud, Who Can?’ (2016) 17 The Columbia Science and Technology Law Review 336Google Scholar

McGillivray, K., ‘Give It Away Now? Renewal of the IANA Functions Contract and Its Role in Internet Governance’ (2014) 22 International Journal of Law and Information Technology 3Google Scholar

Medeiros, F., ‘Is “.com” International? The .com gTLD: An Analysis of its Global Nature through the Prism of Jurisdiction’ (2013) 21 International Journal of Law and Information Technology 269Google Scholar

Millard, C., ‘Forced Localization of Cloud Services: Is Privacy the Real Driver?’ (2015) 2 Cloud Computing, IEEE 10Google Scholar

Mizrahi, S., ‘The Dangers of Sharing Cloud Storage: The Privacy Violations Suffered by Innocent Cloud Users During the Course of Criminal Investigations in Canada and the United States’ (2017) 25 Tulane Journal of International and Comparative Law 303Google Scholar

Moskowitz, Y., ‘MLATS and the Trusted Nation Club: The Proper Cost of Membership’ (2016) 41 Yale Journal of International Law Online 15Google Scholar

Mowbray, M., ‘The Fog Over the Grimpen Mire: Cloud Computing and the Law’ (2009) 6 SCRIPTed 14Google Scholar

Nagel, T. and Kelley, E. M., ‘The Impact of Globalization on Structuring, Implementing, and Advising on Sourcing Arrangements’ (2007) 38 Georgetown Journal of International Law 619Google Scholar

Narayanan, V., ‘Harnessing the Cloud: International Law Implications of Cloud-Computing’ (2012) 12 Chicago Journal of International Law 783Google Scholar

Nepple, M. and Sableman, M., ‘Will the Zippo Sliding Scale for Internet Jurisdiction Slide into Oblivion?’ (2016) 20 Journal of Internet Law 6Google Scholar

Nichols, M. and others, ‘Chasing the Clouds without Getting Drenched: A Call for Fair Practices in Cloud Computing Services’ (2011) 16 Journal of Technology Law & Policy 163Google Scholar

Nicholson, J., ‘Plus Ultra: Third-Party Preservation in a Cloud Computing Paradigm’ (2012) 8 Hastings Business Law Journal 191Google Scholar

O’Hara O’Connor, E., Blair, M. M., and Kirchhoefer, G., ‘Outsourcing, Modularity, and the Theory of the Firm’ (2011) 2 Brigham Young University Law Review 263Google Scholar

Osula, A., ‘Transborder Access and Territorial Sovereignty’ (2015) 31 Computer Law and Security Review 719Google Scholar

Padova, Y., ‘The Safe Harbour is Invalid: What Tools Remain for Data Transfers and What Comes Next?’ (2016) 6 International Data Privacy Law 139Google Scholar

Padova, Y., ‘What the European Draft Regulation on Personal Data is Going to Change for Companies’ (2014) 4 International Data Privacy Law 39Google Scholar

Palmer, V., ‘From Lerotholi to Lando: Some Examples of Comparative Law Methodology’ (2004) 4 Global Jurist Frontiers 1Google Scholar

Paquette, S., Jaeger, P. T., and Wilson, S. C., ‘Identifying the Security Risks Associated with Governmental Use of Cloud Computing’ (2010) 27 Government Information Quarterly 245Google Scholar

Parker, J., ‘Lost in the Cloud: Protecting End-User Privacy in Federal Cloud Computing Contracts’ (2012) 41 Public Contract Law Journal 385Google Scholar

Perritt, H. Jr., Taylor, J., and Morgan, J., ‘Achieving Legal and Business Order in Cyberspace: A Report on Global Jurisdiction Issues Created by the Internet’ (2000) 55 Business Lawyer 1801Google Scholar

Pham, C., ‘E-Discovery in the Cloud Era: What’s a Litigant to Do?’ (2013) 5 Hastings Science & Technology Law Journal 41Google Scholar

Pierce, J., ‘Shifting Data Breach Liability: A Congressional Approach’ (2016) 57 William and Mary Law Review 975Google Scholar

Purtova, N., ‘Between the GDPR and the Police Directive: Navigating through the Maze of Information Sharing in Public–Private Partnerships’ (2018) 8 International Data Privacy Law 52Google Scholar

Purtova, N., ‘Private Law Solutions in European Data Protection: Relationship to Privacy, and Waiver of Data Protection Rights’ (2010) 28 Netherlands Quarterly of Human Rights 179Google Scholar

Rachovitsa, A., ‘Engineering and Lawyering Privacy by Design: Understanding Online Privacy both as a Technical and an International Human Rights Issue’ (2016) 24 International Journal of Law and Information Technology 374Google Scholar

Raymond, A., ‘Heavyweight Bots in the Clouds: The Wrong Incentives and Poorly Crafted Balances That Lead to the Blocking of Information Online’ (2013) 11 Northwestern Journal of Technology & Intellectual Property 26Google Scholar

Revolidis, I., ‘Judicial Jurisdiction Over Internet Privacy Violations and the GDPR: A Case of “Privacy Tourism”?’ (2017) 11 Masaryk University Journal of Law and Technology 7Google Scholar

Robison, W. J., ‘Free at What Cost?: Cloud Computing Privacy under the Stored Communications Act’ (2010) 98 The Georgetown Law Journal 1195Google Scholar

Rustad, M. and Onufrio, M. V., ‘Reconceptualizing Consumer Terms of Use for a Globalized Knowledge Economy’ (2012) 14 University of Pennsylvania Journal of Business Law 1085Google Scholar

Sako, M., ‘Outsourcing and Offshoring: Implications for Productivity of Business Services’ (2006) 22 Oxford Review of Economic Policy 499Google Scholar

Saw, C. L. and Chik, W. B., ‘Whither the Future of Internet Streaming and Time-shifting? Revisiting the Rights of Reproduction and Communication to the Public in Copyright Law after Aereo’ (2015) 23 International Journal of Law and Information Technology 53Google Scholar

Schartum, D., ‘Making Privacy by Design Operative’ (2016) 24 International Journal of Law and Information Technology 151Google Scholar

Schoorl, J., ‘Clicking the Export Button: Cloud Data Storage and US Dual-Use Export Controls’ (2012) 80 George Washington Law Review 632Google Scholar

Schrop, K., ‘Your Cooperation is Greatly Appreciated: The Fourth Amendment, National Security Letters, and Public-Private Data Sharing’ (2018) 122 Penn State Law Review 849Google Scholar

Schwartz, P., ‘Information Privacy in the Cloud’ (2013) 161 University of Pennsylvania Law Review 31Google Scholar

Schwartz, P., ‘Legal Access to the Global Cloud’ (2018) 118 Columbia Law Review 1681Google Scholar

Schwartz, P. and Solove, D. J., ‘Reconciling Personal Information in the United States and European Union’ (2014) 102 California Law Review 887Google Scholar

Seddon, J. and Currie, W. L., ‘Cloud Computing and Trans-border Health Data: Unpacking US and EU Healthcare Regulation and Compliance’ (2013) 2 Health Policy and Technology 229Google Scholar

Segall, S., ‘Jurisdictional Challenges in the United States Government’s Move to Cloud Computing Technology’ (2013) 23 Fordham Intellectual Property, Media and Entertainment Law Journal 1105Google Scholar

Selby, J., ‘Data Localization Laws: Trade Barriers or Legitimate Responses to Cybersecurity Risks, or Both?’ (2017) 25 International Journal of Law and Information Technology 213Google Scholar

Sloan, P., ‘The Reasonable Information Security Program’ (2014) 21 Richmond Journal of Law & Technology 2Google Scholar

Sluijs, J. P. J. B., Larouche, P., and Sauter, W., ‘Cloud Computing in the EU Policy Sphere Interoperability, Vertical Integration and the Internal Market’ (2012) 3(1) Journal of Intellectual Property, Information Technology and e-Commerce Law: JIPITEC 12–32Google Scholar

Snukal, A., Rosenbaum, J. I., and Bernstein, L. A., ‘Cloud Computing – Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing, Part One’ (2011) 65 Consumer Finance Law Quarterly Report 11Google Scholar

Solove, D. and Hartzog, W., ‘The FTC and the New Common Law of Privacy’ (2014) 114 Columbia Law Review 583Google Scholar

Solove, D. and Hartzog, W., ‘The FTC and Privacy and Security Duties for the Cloud’ (2014) 13 BNA Privacy & Security Law Report 577Google Scholar

Solum, L. and Chung, M., ‘The Layers Principle: Internet Architecture and the Law’ (2004) 79 Notre Dame Law Review 815Google Scholar

Spivey, G., ‘Computer Software Sales and Licenses as Subject to Article 2 of Uniform Commercial Code’ (2017) 26 American Law Reports § 1Google Scholar

Stegmaier, G. and Bartnick, W., ‘Psychics, Russian Roulette, and Data Security: The FTC’s Hidden Data-Security Requirements’ (2013) 20 George Mason Law Review 673Google Scholar

Stoolman, M., ‘The Cause of Action for Breach of Data?: The Problem with Relying on Courts when Managing the Risks of Cloud Services’ (2018) 70 Rutgers University Law Review 717Google Scholar

Story, J., ‘Cloud Computing and the NSA: The Carbon Footprint of the Secret Servers’ (2014) 9 Pittsburgh Journal of Environmental and Public Health Law 33Google Scholar

Summers, D., ‘Third Party Beneficiaries and the Restatement (Second) of Contracts’ (1982) 67 Cornell Law Review 880Google Scholar

Surden, H., ‘Computable Contracts’ (2012) 46 University of California Davis Law Review 643Google Scholar

Svantesson, D., ‘Against “Against Data Exceptionalism”’ (2016) 10(2) Masaryk University Journal of Law and Technology 200Google Scholar

Svantesson, D., ‘A Legal Method for Solving Issues of Internet Regulation’ (2011) 19 International Journal of Law and Information Technology 243Google Scholar

Svantesson, D., ‘A New Jurisprudential Framework for Jurisdiction: Beyond the Harvard Draft’ (2015) 109 AJIL Unbound 69Google Scholar

Svantesson, D., ‘Article 4 (1)(a)“Establishment of the Controller” in EU Data Privacy Law – Time to Rein in This Expanding Concept?’ (2016) 6 International Data Privacy Law 210Google Scholar

Svantesson, D., ‘Data Protection in Cloud Computing – The Swedish Perspective’ (2012) 28 Computer Law & Security Review 476Google Scholar

Svantesson, D., ‘Extraterritoriality and Targeting in EU Data Privacy Law: The Weak Spot Undermining the Regulation’ (2015) 5 International Data Privacy Law 226Google Scholar

Svantesson, D., ‘Jurisdictional Issues and the Internet – A Brief Overview 2.0’ (2018) 34 Computer Law and Security Review 715Google Scholar

Svantesson, D., ‘The Hypocritical Hype about ‘Hypothesis’: Why Legal Research Needs to Shed This Relic’ (2014) 39 Alternative Law Journal 259Google Scholar

Svantesson, D. and Gerry, F., ‘Access to Extraterritorial Evidence: The Microsoft Cloud Case and Beyond’ (2015) 31 Computer Law & Security Review 478Google Scholar

Svantesson, D. and van Zwieten, L., ‘Law Enforcement Access to Evidence via Direct Contact with Cloud Providers – Identifying the Contours of a Solution’ (2016) 32 Computer Law & Security Review 671Google Scholar

Tene, O., ‘Privacy Law’s Midlife Crisis: A Critical Assessment of the Second Wave of Global Privacy Laws. The Second Wave of Global Privacy Protection’ (2013) 74 Ohio State Law Journal 1217Google Scholar

Terry, N., ‘Regulatory Disruption and Arbitrage in Health-Care Data Protection’ (2017) 17 Yale Journal of Health Policy, Law, and Ethics 207Google Scholar

Thomas, R. III, ‘A Primer for Negotiating Subcontracts for High-Tech Small Businesses’ (2005) 52 Federal Lawyer 22Google Scholar

Vanberg, A. and Ünver, M. B., ‘The Right to Data Portability in the GDPR and EU Competition Law: Odd Couple or Dynamic Duo?’ (2017) 8 European Journal of Law and Technology 1Google Scholar

Veale, M., Binns, R., and Ausloos, J., ‘When Data Protection by Design and Data Subject Rights Clash’ (2018) 8 International Data Privacy Law 105Google Scholar

Ward, B. and Sipior, J. C., ‘The Internet Jurisdiction Risk of Cloud Computing’ (2010) 27 Information Systems Management 334Google Scholar

Warren, S. and Brandeis, L. D., ‘The Right to Privacy’ (1890) 4 Harvard Law Review 193Google Scholar

Wauters, E., Lievens, E., and Valcke, P., ‘Towards a Better Protection of Social Media Users: A Legal Perspective on the Terms of Use of Social Networking Sites’ (2014) 22 International Journal of Law and Information Technology 254Google Scholar

Weber, R. H. and Staiger, D., ‘Cloud Computing: A Cluster of Complex Liability Issues’ (2014) 20 European Journal of Current Legal Issues 1Google Scholar

Werbach, K., ‘The Network Utility’ (2011) 60 Duke Law Journal 1761Google Scholar

Westmoreland, K. and Kent, G., ‘International Law Enforcement Access to User Data: A Survival Guide and Call for Action’ (2015) 13 Canadian Journal of Law and Technology 225Google Scholar

Wolters, P. T. J., ‘The Security of Personal Data under the GDPR: A Harmonized Duty or a Shared Responsibility?’ (2017) 7 International Data Privacy Law 165Google Scholar

Woods, A., ‘Against Data Exceptionalism’ (2016) 68 Stanford Law Review 729Google Scholar

Yoo, C. S., ‘The Changing Patterns of Internet Usage’ (2010) 63 Federal Communications Law Journal 67, 83Google Scholar

Zanfir, G., ‘The Right to Data Portability in the Context of the EU Data Protection Reform’ (2012) 2(3) International Data Privacy Law 149Google Scholar

Zons, J., ‘The Minefield of Back-to-Back Subcontracts’ (2010) 11 Construction Law International 1Google Scholar

Zuckerman, M., ‘The Offshoring of American Government’ (2008) 94 Cornell Law Review 165Google Scholar

Abramatic, J. F. and others, ‘Privacy Bridges: EU and US Privacy Experts in Search of Transatlantic Privacy Solutions’ (2015) https://privacybridges.mit.edu/sites/default/files/documents/PrivacyBridges-FINAL.pdfGoogle Scholar

Armbrust, M. and others, ‘Above the Clouds: A Berkeley View of Cloud Computing’ Technical Report No UCB/EECS-2009-28 (2009) 16 www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.htmlGoogle Scholar

Badger, L. and others, ‘Cloud Computing Synopsis and Recommendations’ National Institute of Standards and Technology (2012) https://csrc.nist.gov/publications/detail/sp/800-146/finalGoogle Scholar

Badger, L. and others, ‘US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft)’ (NIST Technology 2011) www.nist.gov/sites/default/files/documents/itl/cloud/SP_500_293_volumeII.pdfGoogle Scholar

Badger, L. and others, ‘US Government Cloud Computing Technology Roadmap’ Volume I & II: High-Priority Requirements to Further USG Agency Cloud Computing Adoption, vol. II (2014) https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-293.pdfGoogle Scholar

Bignami, F., ‘The US Legal System on Data Protection in the Field of Law Enforcement. Safeguards, Rights and Remedies for EU Citizens’ Study for the LIBE Committee (2015)Google Scholar

Brito, M., ‘Cloud Computing, Multi-Sourcing Create New Challenges in Outsourcing’ West Law number 1600655 Aspatore (2014) 1Google Scholar

Burns, P. and Karlyn, M., ‘What Companies Need to Know About Outsourcing Contracts’ WL 1600656 Aspatore (2014) 1Google Scholar

Butterworth, G. and others, ‘Outsourcing in Europe: An In-Depth Review of Drivers, Risks and Trends in the European Outsourcing Market’ Report/Publication Ernst & Young (2013) 1. www.ey.com/Publication/vwLUAssets/Outsourcing_in_Europe_2013/$FILE/EY-outsourcing-survey.pdfGoogle Scholar

Cafaggi, F., Renda, A., and Schmidt, R., ‘Transnational Private Regulation’ in International Regulatory Co-operation: Case Studies, Vol 3 Transnational Private Regulation and Water Management (OECD 2013) http://dx.doi.org/10.1787/9789264200524-3-enGoogle Scholar

Catteddu, D., ‘Security & Resilience in Governmental Clouds - Making an Informed Decision’ ENISA (2011)Google Scholar

Cavoukian, A., ʻPrivacy by Design: The 7 Foundational Principles’ Information & Privacy Commissioner, Ontario, Canada (2011) https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdfGoogle Scholar

Chief Information Officers and others, ‘Creating Effective Cloud Computing Contracts for the Federal Government Best Practices for Acquiring IT as a Service’ US Federal Cloud Compliance Committee (2012) https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/1151/2016/10/cloudbestpractices.pdfGoogle Scholar

CoE, Cybercrime Convention Committee (T-CY), ‘Criminal Justice Access to Electronic Evidence in the Cloud: Recommendations for Consideration by the T-CY’ Final Report of the T-CY Cloud Evidence Group (2016) www.coe.int/en/web/cybercrime/cegGoogle Scholar

Commission, ‘Comparative Study on Cloud Computing Contracts’ Directorate-General for Justice and Consumers (European Commission) (2015) https://publications.europa.eu/en/publication-detail/-/publication/40148ba1-1784-4d1a-bb64-334ac3df22c7Google Scholar

Conrad, I. and others, ‘Cloud Computing Contracts – Discussion Paper on Subcontracting’ EU Expert Group on Cloud Computing Contracts (2014) https://ec.europa.eu/info/business-economy-euro/doing-business-eu/contract-rules/cloud-computing/expert-group-cloud-computing-contracts_enGoogle Scholar

Consumer Financial Protection Bureau, Office of the Inspector General, ‘Audit of the CFPB’s Acquisition and Contract Management of Select Cloud Computing Services’ Audit Report 2014-IT-C-016 (2014) https://oig.federalreserve.gov/reports/cfpb-cloud-computing-services-sep2014.pdfGoogle Scholar

Council of the Inspectors General on Integrity and Efficiency (CIGIE), ‘The Council of the Inspectors General on Integrity and Efficiency’s Cloud Computing Initiative’ (2014)Google Scholar

Danish Agency for Digitization and Kammeradvokaten, ‘Cloud Computing and the Legal Framework – Guidance on Legislative Requirement and the Contractual Environment Related to Cloud Computing’ (2012)Google Scholar

Davies, R., ‘Cloud Computing: An Overview of Economic and Policy Issues’ European Parliamentary Research Service (2016) www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_IDA(2016)583786Google Scholar

Defense Information Systems Agency, ‘Department of Defense (DoD) Cloud Computing Security Requirements Guide Version 1 Release 1’ Report DoD Cloud Computing SRG v1r1 (2015) https://info.publicintelligence.net/DoD-CloudSecurity.pdfGoogle Scholar

Dekker, M. and Liveri, D., ‘Cloud Security Guide for SMEs: Cloud Computing Security Risks and Opportunities for SMEs’ (2015) www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/security-for-smes/cloud-security-guide-for-smesGoogle Scholar

Department of Defense, Inspector General, ‘DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process’ Report No DODIG-2015-045 (2014) 23 www.dtic.mil/dtic/tr/fulltext/u2/a613689.pdfGoogle Scholar

De Silva, S., ‘Liability Discussion Paper’ EC Expert Group on Cloud Computing Contracts (9 April 2014) https://ec.europa.eu/info/business-economy-euro/doing-business-eu/contract-rules/cloud-computing/expert-group-cloud-computing-contracts_enGoogle Scholar

Directorate-General for Communications Networks European Commission, Content and Technology, ‘Analysis of Cloud Best Practices and Pilots for the Public Sector - Final Report SMART: 2012/0069’ (2013) https://ec.europa.eu/digital-single-market/en/news/analysis-cloud-best-practices-and-pilots-public-sectorGoogle Scholar

Environmental Protection Agency, Office of the Inspector General, ‘Cloud Oversight Resulted in Unsubstantiated and Missed Opportunities for Savings, Unused and Undelivered Services, and Incomplete Policies’ Report No 14-P-0332 (2014) www.epa.gov/sites/production/files/2015-09/documents/20140815-14-p-0332.pdfGoogle Scholar

Environmental Protection Agency, Office of Inspector General, ‘EPA Is Not Fully Aware of the Extent of Its Use of Cloud Computing Technologies’ Report No 14-P0323 (2014) www.epa.gov/office-inspector-general/report-epa-not-fully-aware-extent-its-use-cloud-computing-technologiesGoogle Scholar

Environmental Protection Agency, Office of Inspector General, ‘EPA Needs to Improve the Recognition and Administration of Cloud Services for the Office of Water’s Permit Management Oversight System’ Report No 15-P-0295 (24 September 2015) www.epa.gov/sites/production/files/2015-09/documents/20150924-15-p-0295.pdfGoogle Scholar

European Banking Authority, ‘Recommendations on Outsourcing to Cloud Service Providers’ EBA/REC/2017/03 (2017) https://eba.europa.eu/regulation-and-policy/internal-governance/recommendations-on-outsourcing-to-cloud-service-providersGoogle Scholar

European Commission, ‘A Digital Single Market Strategy for Europe’ COM (2015) 192 finalGoogle Scholar

European Commission, ‘“Analysis of Cloud Best Practices and Pilots for the Public Sector” and “Annex to the Final Report: Country Files”’ A study prepared for the European Commission DG Communications Networks, Content & Technology (13 November 2013) https://ec.europa.eu/digital-single-market/en/news/analysis-cloud-best-practices-and-pilots-public-sectorGoogle Scholar

European Commission, ‘Certification Schemes for Cloud Computing’ Final Report – Study (2014) https://publications.europa.eu/en/publication-detail/-/publication/a30d111d-df3f-4aa0-b816-9f515c2f6f85Google Scholar

European Commission, ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. Unleashing the Potential of Cloud Computing in Europe’ (2012) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52012DC0529Google Scholar

European Commission, ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions European Cloud Initiative – Building a competitive data and knowledge economy in Europe’ COM (2016) 178 final https://ec.europa.eu/digital-single-market/en/news/communication-european-cloud-initiative-building-competitive-data-and-knowledge-economy-europeGoogle Scholar

European Commission, ‘Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee: Digital Contracts for Europe - Unleashing the Potential of E-commerce’ COM (2015) 633Google Scholar

European Commission, ‘Comparative Study on Cloud Computing Contracts’ (2015) https://publications.europa.eu/en/publication-detail/-/publication/40148ba1-1784-4d1a-bb64-334ac3df22c7/language-enGoogle Scholar

European Commission, ‘Comparative Study on Cloud Computing Contracts’ Annex 1: Country Report Overview Work Package 1’ (2015) https://publications.europa.eu/en/publication-detail/-/publication/c854e3e9-8f7a-4a38-b811-46e799747858/language-enGoogle Scholar

European Commission, ‘Comparative Study on Cloud Computing Contracts’ Final Report - Annex 2: Methodology and Sample Country Selection Work Package 2’ (2015) https://publications.europa.eu/en/publication-detail/-/publication/40148ba1-1784-4d1a-bb64-334ac3df22c7Google Scholar

European Commission, ‘Comparative Study on Cloud Computing Contracts’ Final Report - Annex 3: Template Questionnaire with Information Note Used to Gather Input for Work Package 3’ (2015) https://publications.europa.eu/en/publication-detail/-/publication/40148ba1-1784-4d1a-bb64-334ac3df22c7Google Scholar

European Commission, ‘Comparative Study on Cloud Computing Contracts’ Annex 4: Comparative Study on Cloud Computing Contracts: Final Report - Annex 4: Country Report Overview Work Package 3’ (2015) https://publications.europa.eu/en/publication-detail/-/publication/13f8fb54-f159-4ff1-ba72-a8478a33a072/language-enGoogle Scholar

European Commission, ‘Content and Technology Unit E2 – Software and Services, Cloud Computing Service Level Agreements: Exploitation of Research Results’ (2013) https://ec.europa.eu/digital-agenda/en/news/cloud-computing-service-level-agreements-exploitation-research-resultsGoogle Scholar

European Commission, ‘Facilitating Cross-Border Data Flow in the Digital Single Market: Study on Data Location Restrictions’ SMART 2015/0054 (2017)Google Scholar

European Commission, ‘Measuring the Economic Impact of Cloud Computing in Europe: Study Report’ (10 January 2016) https://ec.europa.eu/digital-single-market/en/news/measuring-economic-impact-cloud-computing-europeGoogle Scholar

European Commission, ‘Report from the Commission to the European Parliament and the Council on the First Annual Review of the Functioning of the EU–U.S. Privacy Shield’ COM (2017) 611 finalGoogle Scholar

European Commission, ‘Standards Terms and Performance Criteria in Service Level Agreements for Cloud Computing Services’ SMART 2013/0039 Final Report (2015)Google Scholar

European Commission, ‘What is VAT?’ Taxation and Customs Unit http://ec.europa.eu/taxation_customs/business/vat/what-is-vat_enGoogle Scholar

European Commission Directorate-General for Communications Networks European Commission, Content and Technology, ‘Analysis of Cloud Best Practices and Pilots for the Public Sector – Final Report’ (2012) https://ec.europa.eu/digital-single-market/en/news/analysis-cloud-best-practices-and-pilots-public-sectorGoogle Scholar

European Parliament, ‘Fighting Cyber Crime and Protecting Privacy in the Cloud’ Committee on Civil Liberties, Justice and Home Affairs (2012) www.europarl.europa.eu/thinktank/en/document.html?reference=IPOL-LIBE_ET%282012%29462509Google Scholar

European Telecommunications Standards Institute, ‘Cloud Standards Coordination Final Report’ (November 2013) www.etsi.org/images/files/Events/2013/2013_CSC_Delivery_WS/CSC-Final_report-013-CSC_Final_report_v1_0_PDF_format-.PDFGoogle Scholar

European Union Agency for Network and Information Security, ‘Critical Cloud Computing: A CIIP Perspective on Cloud Computing Services Version 1.0’ (2012) www.enisa.europa.eu/publications/critical-cloud-computingGoogle Scholar

European Union Agency for Network and Information Security, ‘Good Practice Guide for Securely Deploying Governmental Clouds’ (2013) www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-cloudsGoogle Scholar

European Union Agency for Network and Information Security, ‘Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts’ (2 April 2012) www.enisa.europa.eu/publications/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contractsGoogle Scholar

European Union Agency for Network and Information Security, ‘Security & Resilience in Governmental Clouds – Making an Informed Decision’ (2016) www.enisa.europa.eu/publications/security-and-resilience-in-governmental-cloudsGoogle Scholar

European Union Agency for Network and Information Security, ‘Survey and Analysis of Security Parameters in Cloud SLAs Across the European Public Sector’ Final Report (2011) www.enisa.europa.eu/publications/survey-and-analysis-of-security-parameters-in-cloud-slas-across-the-european-public-sectorGoogle Scholar

Federal Trade Commission, ‘A Brief Overview of the Federal Trade Commission’s Investigative and Law Enforcement Authority’ (2008) Appendix A www.ftc.gov/about-ftc/what-we-do/enforcement-authorityGoogle Scholar

FedRAMP PMO, ‘Tips and Cues’ Report (January 2018) www.fedramp.gov/assets/resources/documents/FedRAMP_Tips_and_Cues.pdfGoogle Scholar

Ficsor, M., ‘The WIPO “Internet Treaties” and Copyright in the “Cloud”’ ALAI Congress (2012) 1 www.alai.jp/ALAI2012/program/paper/The%20WIPO%20Internet%20Treaties%20and%20copyright%20in%20the%20Cloud%20%EF%BC%88Dr.%20Mih%C3%A1ly%20J.%20Ficsor%EF%BC%89.pdfGoogle Scholar

Figliola, P. and Fischer, E. A., ‘Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management’ (20 January 2015) www.fas.org/sgp/crs/misc/R42887.pdfGoogle Scholar