Cloud computing technologies can increase innovation and economic growth considerably. Empirical studies have shown, however, that many users underutilize cloud technologies because of privacy concerns. Individuals do not fully trust that their personal pictures, for instance, don’t leak if put to the cloud for once. Firms do not trust that their critical business applications run smoothly and that their business secrets are kept safe if stored on servers that can be mirrored or changed over night.
“Trusting Privacy in the Cloud” addresses these concerns. In that paper, which is forthcoming in Information Economics and Policy, I design an institution attenuating the trust problem in cloud computing: a two-layered certification scheme built around a private, nonprofit organization called cloud association. This association is governed by representatives of both users and cloud service providers and sources auditing and certification of providers out to independent for-profit certifiers. It is shown how this institution incentivizes providers to produce high data security, and users with strong privacy preferences to trust them and pay a premium for their services. The theoretical proposed mechanism is compared with procedures in an existing organization. Suggestions for how to improve the existing one are made.