Cloud Computing climate change for legal contracts ? EuroCloud Ireland & Irish Computer Society July...
-
Upload
theodore-hutchinson -
Category
Documents
-
view
220 -
download
0
Transcript of Cloud Computing climate change for legal contracts ? EuroCloud Ireland & Irish Computer Society July...
Cloud Computing climate change for legal contracts ?
EuroCloud Ireland & Irish Computer SocietyJuly 1st 2010
Philip Nolan/ Jeanne KellyPartners, Mason Hayes+Curran
Overview
• Well documented problems• Changing Cloud = Changing Rules• Competitive Contracts• Data Protection• On the horizon?
Cloud Law 1.0
• A new technology = new legal challenges• Challenges now well known:– No contract between provider and end user– As-is clauses– Data protection obligations– Multiple jurisdictions
• But the cloud keeps evolving
World Economic Forum: Exploring the Future of Cloud Computing
– Established benefits (scalability, elasticity, cost) only represent the tip of the iceberg.
– Second wave of cloud computing benefits on the horizon:• Increased ease of collaboration • Levelling the playing field between big and small firms• Emerging economies likely to leapfrog to higher levels
of development
New Applications for the Cloud
• Moving rapidly beyond ‘traditional’ cloud uses– IaaS– Storage– SaaS
• E.g. GS1 Ireland– DataSync.ie– Tracking Medication
Cloud Law 2.0
• Shift in the attitude towards legal issues• Not merely an obstacle, but a commercial
opportunity– Providers starting to compete on terms – Real choice
• Regulators specifically considering the cloud
LA-Google SaaS Contract
• Approved October 2009• City of Los Angeles shifting to Google Apps for
email, word processing etc… • Even police records• Key government organisation making the shift
to the cloud• Reason for the decision?
LA-Google SaaS (2)
• PC World April 8 2010– “Google moved early to make this a contest over
which company offers the best contract terms and legal protections in cloud environment”
• Contractual terms operated a source of competitive advantage
So what did Google agree to?
• City can cancel at will• Extensive right to audit the data• Google cannot release or view data without
prior approval• Penalties for loss of service• Unlimited Liability for security and data breach
Terms are a differentiator
• LA an exception?• Less negotiating power• But real competition and choice• Not just doom and gloom.
Example 1: Microsoft Azure
• Generous use of Service Credits • Provision of limited warranty• Implement reasonable security measures
Example 2: Google Apps Premier
• Google will protect users’ confidential information to the same standard it protects its own
• No liability cap for breaches of confidentiality• Compliance with SLA – Warranty
Example 3: Hosting 365
• Service will be provided with due skill and care• Will comply in all material respects with SLA• Fixed term contract
Key idea
• Vendors can and do compete on terms of service offered – legal aspects are a source of competitive advantage
• Not all terms are made the same, purchasers have a real choice.
Data Protection
• Four big developments– Opinion 1/2010– New Model Contracts– Data Breach Notification– Schleswig-Holstein DPA opinion
• Operate within existing framework
Opinion 1/2010
• Article 29 Working Group• Refined core distinction between “processors”
and “controllers”• Processors retain discretion as to most
suitable technological and organisational means
New Model Contracts
• Exporting data out of EEA is tricky• Approved Contract Terms• Now allow for sub-processing
Draft Security Breach Code
• Very common in US• Must inform DPC unless:– Data inaccessible due to security measures– < 100 individuals, who have been informed
directly and not financial or sensitive personal data
• No materiality threshold• Detailed report required » possible expense
Schleswig-Holstein DPA Opinion
• 18 June 2010• SAS 70 Type II Certificates ≠ legal compliance• Data protection law is a separate matter
On the Horizon
• European Commission, Opportunities For Cloud Computing Beyond 2010
• Cloud Governance key– Standards for Clouds: Open Source or Proprietary?– Cloud mobility: Avoiding Lock in