Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cloud Computing climate change for legal contracts ? EuroCloud Ireland & Irish Computer Society July 1st 2010 Philip Nolan/ Jeanne Kelly Partners, Mason Hayes+Curran Overview • • • • • Well documented problems Changing Cloud = Changing Rules Competitive Contracts Data Protection On the horizon? Cloud Law 1.0 • A new technology = new legal challenges • Challenges now well known: – No contract between provider and end user – As-is clauses – Data protection obligations – Multiple jurisdictions • But the cloud keeps evolving World Economic Forum: Exploring the Future of Cloud Computing – Established benefits (scalability, elasticity, cost) only represent the tip of the iceberg. – Second wave of cloud computing benefits on the horizon: • Increased ease of collaboration • Levelling the playing field between big and small firms • Emerging economies likely to leapfrog to higher levels of development New Applications for the Cloud • Moving rapidly beyond ‘traditional’ cloud uses – IaaS – Storage – SaaS • E.g. GS1 Ireland – DataSync.ie – Tracking Medication Cloud Law 2.0 • Shift in the attitude towards legal issues • Not merely an obstacle, but a commercial opportunity – Providers starting to compete on terms – Real choice • Regulators specifically considering the cloud LA-Google SaaS Contract • Approved October 2009 • City of Los Angeles shifting to Google Apps for email, word processing etc… • Even police records • Key government organisation making the shift to the cloud • Reason for the decision? LA-Google SaaS (2) • PC World April 8 2010 – “Google moved early to make this a contest over which company offers the best contract terms and legal protections in cloud environment” • Contractual terms operated a source of competitive advantage So what did Google agree to? • City can cancel at will • Extensive right to audit the data • Google cannot release or view data without prior approval • Penalties for loss of service • Unlimited Liability for security and data breach Terms are a differentiator • • • • LA an exception? Less negotiating power But real competition and choice Not just doom and gloom. Example 1: Microsoft Azure • Generous use of Service Credits • Provision of limited warranty • Implement reasonable security measures Example 2: Google Apps Premier • Google will protect users’ confidential information to the same standard it protects its own • No liability cap for breaches of confidentiality • Compliance with SLA – Warranty Example 3: Hosting 365 • Service will be provided with due skill and care • Will comply in all material respects with SLA • Fixed term contract Key idea • Vendors can and do compete on terms of service offered – legal aspects are a source of competitive advantage • Not all terms are made the same, purchasers have a real choice. Data Protection • Four big developments – Opinion 1/2010 – New Model Contracts – Data Breach Notification – Schleswig-Holstein DPA opinion • Operate within existing framework Opinion 1/2010 • Article 29 Working Group • Refined core distinction between “processors” and “controllers” • Processors retain discretion as to most suitable technological and organisational means New Model Contracts • Exporting data out of EEA is tricky • Approved Contract Terms • Now allow for sub-processing Draft Security Breach Code • Very common in US • Must inform DPC unless: – Data inaccessible due to security measures – < 100 individuals, who have been informed directly and not financial or sensitive personal data • No materiality threshold • Detailed report required » possible expense Schleswig-Holstein DPA Opinion • 18 June 2010 • SAS 70 Type II Certificates ≠ legal compliance • Data protection law is a separate matter On the Horizon • European Commission, Opportunities For Cloud Computing Beyond 2010 • Cloud Governance key – Standards for Clouds: Open Source or Proprietary? – Cloud mobility: Avoiding Lock in Cloud Computing climate change for legal contracts ? EuroCloud Ireland & Irish Computer Society July 1st 2010 Philip Nolan/ Jeanne Kelly Partners, Mason Hayes+Curran