The gathering cloud computing legal considerations
Aberdeen Edinburgh Glasgow. The Gathering Cloud computing - Legal considerations. David Goodbrand, Partner. 28 February 2013.

Aberdeen Edinburgh Glasgow

The Gathering
Cloud computing - Legal considerations

David Goodbrand, Partner

28 February 2013


What is cloud computing?

  • IT services delivered over the internet

    • Increased data storage and processing capacity

    • cost benefits

    • back-up on high quality servers

    • high quality service support

    • (too) quick and easy to set up

  • BUT are people aware of what they are signing up to?


What do you mean by cloud?

  • Service as opposed to Product

    • Software as a Service (SaaS)

    • Platform as a Service (PaaS)

    • Infrastructure as a Service (IaaS)

  • What type of Cloud?

    • Private

    • Community

    • Public

    • Hybrid


It is all about balancing:

  • Risk

  • Cost

  • Control

  • Responsibility on customers to conduct proper due diligence


Benefits and Risks

Benefit

  • Low, fixed cost

  • Improved support and maintenance

  • Minimises hardware investment cost

  • Reduces internal management overhead

Risk

  • Solution may not precisely match corporate need

  • Contracting on fixed standard terms with limited protections

  • Lack of control over data and content

  • Potentially increased compliance costs


Legal issues

  • Data Protection

  • Standard terms

  • Intellectual property rights

  • “Lock-in”


Data Protection Principles For Data Controller

1. Fair and Lawful Processing

2. Specified and Lawful Purposes

3. Adequate, Relevant and Not Excessive

4. Accurate and Up To Date

5. Not Kept Longer Than Necessary

6. Recognise Data Subject Rights

7. Appropriate Security Measures

8. No Transfer Outside EEA Without Protection


Legal issues – data protection

  • “Personal data” inevitably transferred to cloud service provider (“CSP”)

  • Customer remains “data controller”

  • CSP becomes “data processor”

  • Will CSP comply with customer’s obligations under the Data Protection Act 1998?

  • Can CSP sub-contract?

  • Can CSP transfer data to third party?


Legal issues – data protection (contd)

  • Data subject must be informed who processes their data and for what purposes.

    • Is this possible where data processor is CSP or a sub-contractor?

  • Where does responsibility for security breach lie?

    • With customer

  • Personal data not to be transferred outside EEA (with certain exceptions not including USA).

    • Where is CSP (or its sub-contractor(s)) based?


New Data Protection Laws: Headline Proposals

  • Compulsory security breach notifications to authority and data subject

  • Expert data protection officer if 250+ employees

  • Privacy impact assessments for sensitive data use

  • Joint and several liability for controllers and processors

  • Sliding scale of fines – max 2% of annual turnover

  • Right to be forgotten: erase all data on request


Legal issues – CSP’s standard terms

  • Usually tick box to agree to CSP’s Standard T&Cs

  • Terms will be very favourable to CSP

  • Risk allocation

    • Certain risks passed back to the customer

  • Limited warranties given and liabilities taken by CSP

    • E.g. loss of data

    • Data back up

  • UK - Exclusions need to be reasonable under UCTA


The battle ground?

  • Service levels/availability

  • Service credits?

  • Disaster recovery/business continuity

  • Escrow?

  • Assignability?

  • Termination rights

  • Audit rights – transparency

  • TUPE risk


Governing Law and Jurisdiction

  • Favourable jurisdiction for CSP

  • Most CSPs will be based outside UK and agreements tend to be subject to US State law

    • What is the law?

    • How easy would it be to enforce your rights?

  • EU consumer protection and UK’s UCTA should not be relied on to provide protection


Legal issues – Intellectual Property Rights

  • Although a service – still need a licence to use

  • What are terms of the licence?

  • Third party licences?

  • Does CSP provide indemnity against infringement of third party rights?


Content licensing

  • Do terms provide licence from customer to CSP to allow CSP to use customer content?

  • Important because:

    • data protection issues

    • potential infringement of third party IP

    • confidentiality issues

  • Ensure any use of content by CSP is restricted

  • Can CSP remove data from servers?


Legal issues – “Lock-in”

  • What is the term of the contract?

  • Can data be moved easily to another CSP?

  • What happens on termination?

    • Can all copies of data created be located and deleted?

    • Can CSP guarantee sub-contractors will delete all copies of data they possess?

    • All personal data should be deleted for data protection purposes on termination


Future developments?

  • Law still trying to catch up with cloud computing after recent surge in its use

  • Draft EU General Data Protection Regulation proposed by European Commission

  • EU’s Article 29 Working Party has drafted an opinion which addresses key challenges for future

    • Make processor more accountable

    • Prohibit disclosure by data controllers to third country (even to judicial or administrative authority) where no international agreement in place authorising disclosure

    • European Governmental Cloud for public bodies in EU member states

    • Encourage growth of European cloud market – could help foster common standards throughout EU


David Goodbrand, Partner
+44 (0)131 473 6125 Direct Dial
+44 (0) 7802 933 272
[email protected]