Challenges for consumer rights in a cloud computing powered world and ISO/IEC Project 19086 developing a framework standard for service level agreements in cloud computing Norbert Bollow <nb@bollow.ch> Chiang Mai, 3 April 2014.
from the presentation of the ISO/IEC JTC1 SC38 Chair to the ISO/IEC JTC1 plenary, November 2013
Consumer rights laws are currently based on assumptions that are typically not valid for cloud based services
• assumption that services to consumers are provided by companies subject to the laws of the consumer's country
• assumption that consumers (or at least organizations that test products in order to inform consumers) are able to recognize defective products
• assumption that a defective product primarily harms its users (rather than society as a whole)
• assumption that competitors are able to offer significantly different products
A simple scenario for a cloud based service provided to consumers
• Company A in country X offers a cloud service implementing a business process.
• Companies B, C and D in country Y make use of this cloud service to provide a service to consumers in country Y.
• Key properties of the service offered by companies B, C and D depend on the SLA offered by company A, the laws of country X, and the laws applying to the supply chain of A.
What to do?
• Insist that ISO/IEC Project 19086 developing a framework standard for service level agreements in cloud computing puts emphasis on the aspects that are important for consumer protection.
• Consumer organizations need to build competence for validating claims of providers of cloud based services e.g. in regard to security / data protection.
What are ISO and IEC?
• ISO = “International Organization for Standardization”, formally a private sector association with seat in Geneva, economically a cartel of national standardization organizations.
• IEC = “International Electrotechnical Commission”, also has the seat in Geneva.
• Under WTO rules, ISO/IEC standards can be referenced in legislation (that wouldn't make sense for the 19086 standard, but this is relevant to the culture of the organization and its processes).
• Consumers International engaged in COPOLCO.
ISO/IEC JTC1 SC38
• “JTC” = “Joint Technical Committee” of ISO and IEC.
• “SC” = “Sub-Committee”.
• SC38 is for the topic areas distributed computing, service oriented architecture, and cloud computing.
• Participants have a technical background; most are employees of big companies who want to earn money in this area.
• Most countries are represented by employees of US based international companies; it is particular to SC38 that for very many countries this is Microsoft.
• Because consensus processes are used, even a single consumer organization voice can have huge impact!!!
What's in my report?
• I've looked at national consumer laws for arguments that can be used to influence ISO/IEC SC38. This is not a legal analysis, as the people in SC38 have a technical rather than a legal background.
• Analysis of which aspects are particularly important in the cloud computing context.
What to do? (We need to do it!)
• Insist that ISO/IEC Project 19086 developing a framework standard for service level agreements in cloud computing puts emphasis on the aspects that are important for consumer protection.
• Consumer organizations need to build competence for validating claims of providers of cloud based services e.g. in regard to security / data protection.
• “All that is necessary for the forces of evil to succeed is for enough good people to do nothing.” (famous quote misattributed to Edmund Burke)