Kuan Hon - Big Legal Issues Affecting Cloud
Big Legal Issues Affecting Cloud
23 March 2016
Dr Kuan Hon @kuan0 | [email protected]
Cloudscape 2016

Canter through
• Already law! – contracts from 1 Oct 2015
  o The Insolvency (Protection of Essential Supplies) Order 2015
• Adoption expected 2016, effective in 2 yrs
  o Network & Information Systems Security Directive (NIS Directive)
  o General Data Protection Regulation (GDPR)

If cloud customer goes bust...
• More info http://bit.ly/ITinsolvency
• Cloud provider can’t use contractual right, exercisable upon administration or “voluntary arrangement”, to -
  o Terminate contract - unless eg new charges unpaid >= 28 days
  o Stop supply of service - unless notice to office-holder to terminate without personal guarantee of new charges, & none within 14 days

More points
• Purpose – where rescue / restructuring, ie breathing space only
• Liquidation, bankruptcy - can still exercise contractual right to terminate
• Not just cloud services – supply of
  o Data storage / processing (which must include cloud!), webhosting, computer software / hardware, IT info / advice / assistance...

NIS Directive
• All data, not just “personal data”
• Security obligations + breach / incident notification obligations + penalties for infringement – 2 classes
• Operators of essential services
  o Banks, healthcare, transport, utilities, Internet infrastructure (IXPs, DNS service providers, top level domain name registries)
  o Essential service relying on DSP, incident at provider
• “Digital service providers” (lighter obligations)
  o Incl. ALL cloud providers - IaaS, PaaS, and SaaS
  o (Also search engines, online marketplaces)

NIS Directive implications
• Cloud contracts (operators using cloud for “essential service”)
  o provider notification
• Breach / incident notification to authorities
  o systems & processes
  o preparation / rehearsal – all stakeholders
• Insurance?

GDPR
• New processor (cloud provider) obligations
  o Security, breach notification to customers, international transfers, records, DPO - 2% / €10m
• New processor (cloud provider) liability for compensation if “involved” in processing
  o Choice of who to sue – bigger pockets?
  o Claim back against others at fault iff paid in full
• New detailed, prescriptive requirements regarding contract terms, incl. cloud contracts
  o Audit rights + regulators can demand info / audits
  o “Assist” cloud customer (vs. commodity cloud)

GDPR implications
• Cloud and other processor contracts - change of law / change control clause now!
  o Providers - allocate responsibilities & liabilities, indemnities; costs / pricing
  o Both - new required terms - 2% / €10m
• Cloud-appropriate standard contract terms?
  o CIF, Eurocloud, CSA put forward for approval?
• Approved certifications, codes of conduct
• Breach notification / preparation too!
  o Different authorities than under NIS Directive?
• Insurance?

Killing cloud quickly with DP?
The GDPR's coming, soon to be law they say
Middle of 20-18 may be the fateful day!
What will this mean for clo-ud? Will cloud be here to sta-ay?
Don't want to be pessimistic, not sure how we'll find a way
Killing cloud quickly with DP, killing cloud quickly, with DP, tearing up SaaS, PaaS and I-aaS
Killing cloud quickly, with DP…?
Full article www.scl.org/site.aspx?i=ed46375
Photo of Roberta Flack by Roland Godefroy CC BY SA 2.5

Thank you!
Dr Kuan Hon
Half lawyer | half geek | mostly harmless
Twitter: @kuan0
Email: k @ my domain below; also
www.kuan0.com | blog.kuan0.com