Towards safer information sharing in the cloud

Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data are going to be used and processed by the entities that receive it. In the traditional world, this problem is addressed using contractual agreements, those are signed by the involved parties, and law enforcement. This could be done electronically as well but, in addition to the trust issue, there is currently a major gap between the definition of legal contracts regulating the sharing of data, and the software infrastructure required to support and enforce them. How to enable organisations to provide more automation in this process? How to ensure that legal contracts can be actually enforced by the underlying IT infrastructure? How to enable end-users to express their preferences and constraints within these contracts? This article describes our R&D work to make progress towards addressing this gap via the usage of electronic Data Sharing Agreements (e-DSA). The aim is to share our vision, discuss the involved challenges and stimulate further research and development in this space. We specifically focus on a cloud scenario because it provides a rich set of use cases involving interactions and information sharing among multiple stakeholders, including users and service providers.