Regulating Cloud Computing: Clear Skies Ahead?

Presented in association with UCC’s LLM in Intellectual Property and E Law

Friday 16 November, 2012, 2.00 p.m. to 5.15 p.m.

Room G10, Brookfield Health Sciences Complex, UCC, College Road, Cork

Cloud computing – internet-based delivery of IT services – is a growth industry and many Irish businesses are operating as either cloud providers or cloud clients. This conference, presented in association with UCC’s LLM in Intellectual Property and E Law, will discuss regulation of cloud computing, including questions such as the following:

What legal issues need to be considered by businesses in contracting for the provision or use of cloud computing services?
Can an appropriate regulatory balance be struck between cloud provider and cloud client interests?
What are the legal consequences of security breaches regarding data held in the cloud?
What are the implications of storage of data in Europe, the USA and other jurisdictions?
What is the relevance of the EU / US safe harbour arrangements for cloud computing?
What are the implications of the EU’s draft General Data Protection Regulation?
Are concerns about the USA’s Patriot Act and Mutual Legal Assistance Treaties in cloud computing justified?
How are intellectual property law issues dealt with in a cloud environment?

Speakers:

Professor Ian Walden, Centre for Commercial Law Studies, Queen Mary, University of London and member of the Cloud Legal Project.

Mr John O’Connor, Head of the Technology and Commercial Contracts Group at Matheson Ormsby Prentice, Solicitors.

Ms Síofra Flood, COO and General Counsel at Swrve, leading provider of in-application testing and analytics, California and Dublin.

Legal Issues of Cloud Computing

In our days, many companies and corporations use the services of providers known as “Cloud Computing”. In this way, they minimize expenses for hardware and software. however, this might result into certain legal problems concering mainly data protection, data security and more specific issues, such as tax law issues. Thus, users of cloud computing have to take into consideration this problematic before making any decision as to which services they will use.

According to Wikipedia, cloud computing is a paradigm of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. It essentially refers to specilised services, provided over the Internet and making available computer and network infrastructure, software and platform. For example, a company can maintain its own e-mail account system, but will be handled by a (cloud computing) provider, so that the company will not have to maintain its own server for this purpose.

This model of services offers evidently financial advantages to users, however, it also has some negative features. In particular, it noted that it may limit the freedom of users to choose applications. Certainly, users are free to choose whether they will make use of cloud computing or not. Further, it is pointed out by Richard Stallman, founder of the Free Software Foundation, that cloud computing endangers liberties because users sacrifice their privacy and personal data to a third party. He states that cloud computing is “simply a trap aimed at forcing more people to buy into locked, proprietary systems that would cost them more and more over time.

Besides that, as it happens with many network services, even if data are securely stored in a cloud, many factors can temporarily disrupt access to the data, such as network outages, denial of service attacks against the service provider, and a major failure of the service provider infrastructure.

The most critical issue, however, is protection of personal data. Since personal data provided by users are being processed by cloud computing providers it has to be determined whether the requirements of applicable national data protection law are satisfied. This would not be the case if such data are being transfered to a third country, outside the EU, which does not provide an adequate level of protection. The Berliner Datenschutzbeauftragte Alexander Dix states in his annual report
that the transfer of data in countries such the USA, China or Japan would not be allowed (“Die datenschutzrechtlich für die Datenverarbeitung verantwortlichen, z. B. deutschen Kundinnen und Kunden, müssen sich davon überzeugen, dass die Datenverarbeitung nicht in einem Drittland ohne angemessenes Datenschutzniveau, z. B. in den USA, China oder Japan, stattfindet”.)

Same problems are caused when data are being transfer with regard to tax law, since national tax law require that financial data are directly accessible.

See also: Fallstricke in der “Cloud”