THE CLOUD: OPPORTUNITIES AND ISSUES OF IMMATERIALITY
Alberto Pera
THE CLOUD IS A NO-LAND TERRITORY
• Data can be accessed and processed from anywhere via the
Internet.
• This has great operational advantages: possibility of quick
data delocalization. Enterprises can share data, programs
and procedures among their offices around the world:
quantum jump in speed and data processing capabilities
• But from a legal point of view this poses a lot of issues about
applicable law and the criteria of interpretation
LEGAL HURDLES TO THE DEVELOPMENT OF THE CLOUD
• Fragmentation of the digital single market due to differing national legal
frameworks and uncertainties over applicable law, digital content and data location.
A few examples:
– Specific issues concerning contracts
– Issues concerning data protection
– Issues concerning competition law
Uncertainty hampers exploitation of potential benefits, especially by SMEs
1. SOME CONTRACTUAL ISSUES
• No specific "cloud law" exists yet. Key contractual issues depend on national laws and their interpretation. Examples:
– Service Level Agreements (SLAs) are qualified in different ways (service contracts, lease contracts, work contracts): performance obligations stemming from the contract may differ;
– Liabilities for indemnification for direct (in some countries: France, Italy) or indirect (UK) damages. Contractual limitations of liability are generally admissible, but with different requirements in different countries, and treatment is usually different in B to B and B to C cases
– Consumer protection: EU legislation implies a strong protection of individual customers. In some countries (Netherlands, Italy) consumer protection also applies to small businesses
– Quest for standardization and harmonization
– Regulations put in place by the industry itself: a non-binding initiative of the industry (in Sweden), which elaborated the General Terms on Cloud Computing. However, they will only apply if both (or all) parties agree to this, and only to the extent the terms are not derogated from.
– Publicly sponsored initiatives for standardization: EU Commission’s proposal of Safe and Fair Contract Terms and Conditions (through a Regulation on a Common European Sales Law)
2. PRIVACY LAW AND THE CLOUD/1
• The cloud presents an inherent freedom from locational constraints. Consequently, another issue concerns the transfer of personal data to countries other than those considered to offer adequate protection.
• Data protection law is based on the premise that it is always clear where personal data is located, by whom it is processed and who is responsible for data processing.
• Cloud computing appears to fundamentally conflict with this evidence: it is no longer possible to say where the data is at a certain moment and by whom and how it is being processed.
The study of more than 12,000 cloud services by security provider Skyhigh Networks (2015) revealed that suppliers have significant issues around EU regulatory requirements such as data residency, data breach detection and notification, encryption and data deletion policies
2. PRIVACY LAW AND THE CLOUD /2
• EU citizens’ data must be guaranteed a treatment compliant with the stringent privacy requirements set in Europe by Directive 95/46/EC, applied to cloud services by interpretation (processors and subprocessors of data)
• EU privacy requirements set a high standard, based on personal rights to privacy enshrined in the European Convention of Human Rights
• New Regulation (not Directive) to be issued in 2017 explicitly applies to cloud services (possibility of encryption)
• Commission Decisions may attest compatibility with data treatment in other jurisdictions. 200 Decision on Safe Harbour Principles guaranteeing same level of protection in the US
• Recent ECJ judgement on Safe Harbour Principles (6 October 2015):
– Commission Decision does not prevent NDPA from evaluating arrangements of compliant companies
– SHP non-compliant with EU standards of protection (does not apply to public sector bodies)
Transfer of data to processors to the USA is jeopardized
2. PRIVACY LAW AND THE CLOUD/3
• Possible remedies to ECJ decision: contractual guarantees to privacy – will they be enough?
• The Commission Standard Clauses Decision (February 2010)
• Art. 29 Working Party Opinion concerning Privacy in the Cloud (2012)
• On these bases, starting in 2014 it has been possible for (some) companies to obtain an individual opinion of compliance from the Working Party
• Public bodies' access to data and EU citizens' guarantees remain open issues: the Umbrella Agreement, not yet in force, provides for judicial redress for EU citizens in the US. The process of approval is still ongoing.
3. BETWEEN PRIVACY AND ANTITRUST: THE ISSUE OF «BIG DATA»
• Competitive benefits and risks of data-driven strategies (see European Commission, Google case): ongoing proceedings, implications still unclear; French and German Competition Authorities just opened a joint Study on “new challenges and risks”
• Definition: «Big data refers to datasets whose size is beyond the ability of typical database software tools to capture, store, manage and analyse» (see McKinsey report)
• Main characteristics: ubiquity, low cost, wide availability and fleeting value
4. THE CLOUD AND ANTITRUST ISSUES
• Lock-in effect / creation – strengthening of market power
– lack of interoperability: the cloud could offer specialized software or services that, once adopted by the customer, would be difficult to obtain from another source
– network effects: the more the cloud is used, the more its value will grow (the network effect is the effect a user of a good or service has on the value of this good or service for other people using it)
– switching costs: the investment of time and money required to change the cloud provider represents an obstacle to the change of provider. Moreover, another barrier is constituted by the investment of time and money required to train employees to use the cloud and its software
• Risk of tying / market power in aftermarkets
– the cloud provider which has market power on its market could condition the sale of its service on the purchase of another (that is the case, for instance, of a cloud provider that will sell its data storage services only to customers who purchase its own virus detection software).
• Risk of exclusive dealing / raising barriers to entry
– If the customers are already locked in, an exclusive deal between a cloud provider and a particular product or service vendor risks being problematic, as it forecloses competitors’ access to a substantial share of the relevant market for their products.
A EUROPEAN APPROACH TO CLOUD ISSUES
• The European Commission has been working since 2012 to promote the rapid adoption of cloud computing in all sectors of the economy and to solve some issues which came up with the development of such a new technology. In particular, the strategy includes three key actions:
– Safe and Fair Contract Terms and Conditions (through the Commission's proposal for a Regulation on a Common European Sales Law);
– Cutting through the jungle of Standards (with the support of European Union Agency for Network and Information Security (ENISA) and other relevant bodies);
– Establishing a European Cloud Partnership (in order to work on common procurement requirements for cloud computing in an open and fully transparent way).
In 2016 the European Commission will also present the European cloud initiative. This regulation proposal will facilitate clear and credible certification of services in order to allow users to benefit from secure, reliable and high-quality cloud services. It will ensure that SMEs and consumers are able to switch to a different service provider without undue technical or administrative restraints, and other contractual issues that require a common approach in a single market
This document was prepared by Gianni, Origoni, Grippo, Cappelli & Partners and is made available for informational purposes only. This document is up-dated at the date indicated on its first page. The information contained in this document, the completeness of which is not guaranteed, does not represent a legal opinion, nor an exhaustive examination of a subject matter and cannot replace an opinion released on a specific subject matter.
Gianni, Origoni, Grippo, Cappelli & Partners accepts no responsibility to any person for any direct or consequential loss arising from the inappropriate use of this document or any alleged reliance upon its content or any other circumstances relating to its use. This document may not be reproduced, distributed or published, either in whole or in part, for any purpose unless expressly authorised by Gianni, Origoni, Grippo, Cappelli & Partners. For any further clarification, or to find out more about the services available to clients, please contact Gianni, Origoni, Grippo, Cappelli & Partners.