The paper's publication coincides with the 31st International Conference of Data Protection and Privacy Commissioners, which is taking place this week in Madrid, Spain.
"We know that cloud computing is getting a lot of attention these days and we've heard from customers and external stakeholders that they'd like to hear what we're thinking about it," said Brendon Lynch, senior director of privacy strategy for Microsoft's trustworthy computing group. "Privacy and security are the number one concern of organizations that are thinking about going into the cloud space."
Lynch contends the issue isn't really new, noting that Microsoft has been storing Hotmail user data on remote servers for about 15 years.
Nonetheless, the diversity of information being stored in cloud services, the extent to which cloud services are being used by consumers and businesses, and the architectural differences of cloud data storage all provide a reason for Microsoft to clarify its thinking about cloud privacy.
The good news is that the privacy principles Microsoft supports through the architecture of its software -- notice, consent, and choice, among others -- are the principles the company supports for the cloud.
The bad news -- if you accept the premise that Microsoft's interests are aligned with the user's -- is that Microsoft isn't always calling the shots.
Cloud service providers "can be caught in an impossible position when governments impose conflicting legal obligations and assert competing claims of jurisdiction over user data held by these providers," Microsoft's paper states. "Divergent rules on data privacy, data retention, law enforcement access to user data, and other issues can lead to ambiguity and significant legal challenges."
Lynch says that Microsoft is working on these issues, trying to encourage the harmonization of privacy laws and a consistent global privacy framework that can accommodate the reality of global data flows.
"In order to maintain trust and confident in cloud service, we really feel that cloud providers need to put forth strong privacy protections and to be very transparent," said Lynch.
Attend a Webcast on the application grid approach to modern data centers. It happens Tuesday, Nov. 3, 2009. Find out more and register.