How To Control Content On The Cloud
- Gloria Reeves
- 3 years ago
EXPERT GROUP MEETING ON CLOUD COMPUTING CONTRACTS
SYNTHESIS OF THE MEETING OF 30 APRIL 2014

On 30 April 2014, the Expert Group on Cloud Computing Contracts met for the sixth time. Three sessions were held during this meeting: a session with contract law experts only, chaired by Dirk Staudenmayer; a session with data protection experts only, chaired by Marie-Hélène Boulanger; and a plenary session chaired by Paraskevi Michou.

CONTRACT LAW EXPERTS

I) CONTROL AND USE OF CONTENT
The rapporteurs, Mr Peter Homoki and Mr Peter Kitts, made a short presentation of the main challenges related to the control and use of the user's content in the cloud. In particular, they insisted on the (lack of) users' certainty on what providers can do with users' content. They also flagged that this topic is at the cross-over between several regulatory frameworks (copyright, trademark and other sectorial regulations). Finally, they clarified that the purpose of their discussion paper was to focus on legal issues other than data protection issues.

Overview of current terms relating to the use of content
Experts were critical of contractual clauses authorising cloud providers to use the user's content for any purpose. These clauses were seen by some experts as potentially unfair, as they give overly broad rights to the provider. Several experts explained that this risk was mostly present in business-to-consumer contracts and less in business-to-business contracts. Cloud computing services addressed to consumers are generally free. The use of the consumer's content is thus a form of remuneration for the cloud provider. However, one expert pointed out that terms authorising a wide use of the user's content by the provider were also to be found in contracts for paid cloud services. Several experts underlined that the fact that users get the cloud service for "free" should not entitle the cloud service provider to use the content for any purpose.
Several experts highlighted that a possible way forward would be to restrict the use of content to the extent necessary for the provision of the service. However, one expert expressed the view that such wording may also be subject to interpretation. It can be understood strictly (for example, the rigorous copy-paste of a logo on a portal) or broadly (for example, the use of statistics in order to send new, tailored offers linked to the initial service provision).

Some experts called for a more differentiated approach to the use of data. Providers could develop business models with different options offered to users, instead of an "all or nothing" system. For example, one option could be that users accept that their data are used for all purposes and would thus benefit from additional free services. Another option could be that users wanting their data to be used only for the provision of the service would have to pay.

Several experts pointed out the lack of clarity arising from the discrepancy between clauses enabling cloud service providers to widely use customers' content and clauses in the same contract claiming that "the users' content will remain users' content".
Many experts supported the idea of clearer information on how the user's content would be used (e.g. internal marketing purposes, use by third parties for advertising purposes, provision of the service). They also said that users should be clearly informed when the exploitation of their content is a form of remuneration to the provider. However, one expert explained that providers have no commercial incentive to clearly inform the user about the use of data. Indeed, contrary to other contractual elements, the way the content is used is not yet a competitive differentiator; potential clients do not choose one service provider over another on that basis.

Finally, one expert said that information should be tailored to the service provided. He explained that the more the provider is doing with the content in the cloud, the more details users want to have in the contract regarding control and use of their content. For example, as it is rather simple for a pure storage service to define what the provider may or may not do with the content, the information on the use may be fairly limited.

Other specific issues
With regard to copyright issues, experts explained that, due to the current fragmentation of copyright laws, providers tend to draft very wide license clauses. The purpose is to protect themselves against possible actions brought by users for copyright infringement and to ensure that they cover all possible uses that they may make of the content. In response to this trend, one expert suggested developing "licenses for specific purposes only". Another expert highlighted that very wide clauses may be incompatible with copyright laws (e.g., French law prohibits licenses over future creations).

Experts insisted that the protection of trade secrets is very important for cloud users. Some experts explained that the lack of trust in cloud services prevents users from storing trade secrets in the cloud.
One expert further suggested that cloud contracts make clear what access foreign governments may have to the content put in the cloud. One expert explained that certain professions are limited in their use of cloud services (such as lawyers and healthcare professionals in Germany) because this would endanger the secrecy of certain sensitive information.

Experts discussed technical protection measures that can be used by the user to prevent unauthorised use of data by the provider, in particular back-ups on a hard drive. Some experts wondered whether hard drives would really still exist in coming years, as all technologies are moving to the cloud. Experts mentioned end-to-end encryption of data, while emphasising that this solution is quite burdensome to implement. Another expert mentioned new technologies in development, such as, for example, binding embedded software to a specific device or word electronic fingerprints.

DATA PROTECTION EXPERTS

II) DATA DISCLOSURE AND INTEGRITY
The rapporteur (Prof. Ian Walden) gave a presentation based on his discussion paper. This presentation was followed by a general discussion and the discussion of the questions attached to the discussion paper.

Presentation
At the beginning of his presentation the rapporteur outlined that the topic is highly controversial. He distinguished three different types of data that a CSP can be seen as processing: a) content supplied to, or generated by, the cloud service by users; b) attributes data or meta-data generated through use of the service; and c) subscriber or user data identifying characteristics of those authorised to use the service.

In terms of data disclosure, he stressed that some CSPs provide rather detailed and understandable contract clauses, whereas some CSPs use very vague ones. The more detailed the clauses, the higher the protection for cloud users. So, regarding the first category of data, a), some providers have restricted policies, e.g. disclosure will only be made for security or policing reasons. On the other hand, some CSPs have a very broad policy, using clauses along the lines of "We will disclose your data upon your interest". Thus, the former policy can be regarded as offering higher protection than the latter.

The rapporteur also underlined that the legal evaluation of the CSP's behaviour should depend on whether it is acting as a controller or as a processor. Regarding category a) the CSP is usually to be seen as a processor, whereas regarding categories b) and c) it is to be seen as a controller.

Concerning the term "integrity", the rapporteur explained that this term is usually not defined in legal provisions. However, from a legal perspective "integrity" cannot be seen as an absolute. Some applications do not work "bug free" and there are many sources of danger for data integrity.

General discussion on data disclosure and integrity
Experts reacted to the introduction of the rapporteur. Some experts expressed the view that data disclosure issues are in most circumstances covered by the confidentiality clause of their contracts, and that those clauses are standard and undisputed across the industry.
The experts discussed the content of a clause that would enable CSPs to disclose data "in response to a valid court order". Here, the use of the word "valid" was criticised as vague by some experts. The rapporteur outlined in response that there is indeed ambiguity in this regard and that CSPs would rely on such ambiguity in contracts to make their work easier. However, the group was also of the opinion that CSPs cannot be expected to check or even challenge the lawfulness of law enforcement requests for disclosure, as they lack information. Instead, CSPs should only be obliged to check whether procedural rules are met.

The group also stressed that FISAA requests and also e-discovery requests are very problematic and that the Commission should provide proposals on how to deal with these matters.

Moreover, the group discussed the classification of CSPs as controller and/or processor. Some experts voiced their worries that the categories of data, a), b) and c), will be mixed and that it is not entirely clear in what category a CSP is to be regarded as controller and/or processor. There seems to be an overlap between these three categories.

Discussion of questions raised in the rapporteurs' paper

1) Should there be contractual limits on the right of a Provider to disclose data submitted/generated by a Cloud Customer? [category a) of the discussion paper]
The experts reiterated that, in the case of law enforcement requests for disclosure, CSPs cannot be expected to check the lawfulness of the request; they should merely check the procedural compliance of the request. The Commission pointed to Art. 26 (1) (d) of Directive 95/46.

2) Should there be contractual limits on the right of a Provider to disclose attributes data or identity data? [categories b) and c) of the discussion paper]
In this context the issue of consent was discussed by the experts. The rapporteur explained that consent is only rarely given. He referred to Google's recent change of policy as an example: Google now makes it express that they scan emails for marketing purposes. This is a more transparent approach that can be seen as a first step in the right direction. However, there is obviously no consent involved. The question came up whether a distinction could be made between free and non-free services. Notwithstanding that consumers always pay with their data, the rapporteur came up with the idea that there could be an explicit notice of disclosure policies depending on whether consumers have to pay money or not.

3) What procedural safeguards should be detailed in the contract regarding Provider disclosures; and to which categories of recipient should such safeguards apply?
The experts agreed that a distinction has to be made between legal and other proceedings. As regards legal proceedings, the experts agreed that there should not be a duty to disclose entire data sets, as this could harm the position of parties to a civil law case.

4) What procedural safeguards should be detailed in the contract regarding disclosures in urgent circumstances?
The experts identified that the definition of "urgent" is problematic and could be used widely by law enforcement entities.

5) Should a disclosing Provider be held contractually liable for the conduct of a receiving Provider?
The rapporteur added that there are Model Clauses for international transfers, and the group discussed whether something similar should be introduced for intra-EU transfers.

6) What 'legal requirements' should permit a processor to disclose data without the authorisation of the Cloud Customer?
Here, the group discussed whether or not public interest could be considered in this context.

7) Should Providers be subject to certain minimum contractual guarantees concerning data integrity?
Here, the group agreed that it depends on the circumstances of the individual case. However, it would make sense not to leave CSPs out of responsibilities.

8) Should the contract specify what constitutes a breach of data integrity?
The experts discussed whether it would make sense to have such clauses dependent on how "important" or how sensitive the data is (e.g. health-related data or technology-related data). It was discussed whether there could be different levels of integrity; the highest level would cost extra money, for example. It was also identified, however, that it is not always possible to
define the integrity requirements in view of the data sensitivity at the time of the conclusion of the contract.

9) What contractual obligations should be required to enable adequate on-going oversight of a processor's obligation?
The group discussed whether an annual third-party oversight or annual reporting would be helpful.

10) Should Providers be contractually liable for a breach of data integrity by any of its processors and sub-processors?
The rapporteur pointed to Art. 23 (2) of Directive 95/46, which includes a rule on the burden of proof. It was discussed whether a similar rule should be applied to the CSP.

11) What liability should communication providers have towards a Provider or its customer?
Here, the group identified that "TelCo" cases are addressed by this question, and it discussed if and where TelCos can be included in the liability chain in cloud contracts. The rapporteur argued that TelCos are part of the "stack", while other experts were doubtful about this aspect.

12) Should the contract specify who is responsible for proving the cause of any data integrity breach?
Some experts argued that such a rule should not be included in the contract, as it is a fundamental principle of civil law that the party which asserts a claim has to give proof of the requirements of this claim.

PLENARY SESSION

III) CLOUD COMPUTING AND PRIVATE INTERNATIONAL LAW
A representative from the Commission highlighted that cloud computing is an activity which transcends territorial borders and therefore inevitably raises questions of private international law. In particular, the question arises which courts have jurisdiction to deal with a dispute, which law those courts will apply, and whether the resulting judgment will be recognised and enforced in other (Member) States.
Three main existing EU private international law instruments, the Rome I and Rome II Regulations (on the question of the applicable law) and the Brussels I Regulation (on the question of jurisdiction and whether judgments are recognised or enforced), apply to cloud computing services. A relevant factor in determining both the jurisdiction and the applicable law is which type of contract the individual cloud computing contract corresponds to. Cloud computing contracts can for instance be lease contracts, service contracts or sale contracts, or a mixture of different contract types. The EU legal instruments mentioned apply also in tort cases, for instance to infringements of privacy rights and to damage or loss of data.

Current practice
Experts first explained that, except in some limited cases, private international law issues related to cloud computing have been subject to litigation only to a very limited extent so far. An expert estimated that only B2B cases with strategic interests go to court, also due to high
court fees. One reason why there are only a few court cases is the low value of the claims. One expert also emphasised that, because of the costs involved, it is difficult for a consumer or even for an SME to sue a provider.

Experts then named cases they were aware of regarding disputes over applicable law. One expert mentioned a case in the UK where Google tried to invoke the law of the State of California, but the UK court ultimately applied UK law. One expert mentioned some B2C cases in France where the issue of applicable law was addressed. The same expert mentioned that Facebook, Google and Twitter were taken to court in some Member States, such as Germany, France and Spain. One expert said that, whilst there are no court cases in the Netherlands, the question of applicable law was discussed regarding a cloud contract for a public health service. One expert stated that providers usually assume that they have to comply with the law of the place where consumers reside.

Experts explained that companies, in particular big EU companies, tend more and more to "localise" their contracts. They may do this by conducting compliance checks and adjusting their contracts to national requirements. This is, however, complex and costly and may force providers to limit their offers to selected countries. Providers therefore now increasingly set up multi-jurisdiction agreements to comply with different jurisdictions, making any choice of applicable law subject to overriding national mandatory provisions. By doing so, they do not face upfront compliance costs, ensure the legality of their standard terms and conditions, and take a calculated risk of having to comply with a local mandatory provision in rare specific cases of dispute.

Regarding the competent jurisdiction, an expert stressed that, while it may be difficult for consumers to go to court due to the costs involved, consumers still do have access to the court of their place of residence.
That can be more difficult for SMEs because "choice of court" clauses may require SMEs to initiate proceedings abroad. Another expert thought that it might be difficult for consumers to sue cloud providers in Hungary because very few of the providers have a local presence in Hungary. The Commission explained that a local presence is not required and that consumers can sue locally despite the absence of a local presence. One expert mentioned a case between Google and Apple Safari where the UK court declared itself competent, even though there was a choice of court agreement referring to a US court. Another expert stated that there is no choice of court possible in B2C relations in Poland. The Commission explained that this is indeed the result of EU legislation on the matter. Another expert mentioned that the fact that cookies were placed on a German computer had been sufficient for a German court to declare itself competent. This case concerned a non-EU provider; therefore jurisdiction was established on the basis of national German law.

Finally, one expert explained that, due to the value of the disputes, out-of-court mechanisms may be relevant for settling disputes linked to cloud computing contracts. Another expert mentioned that in the UK, in B2C cases, one third of the parties choose alternative dispute resolution in case of disputes. Although in such cases the consumer still has a right to go to court, the reduced costs and fees make such an option attractive.

Characterisation of cloud computing contracts
One expert stated that cloud computing contracts may be qualified as IT infrastructure contracts. Another expert stated that the type of contract depends on the key element of the service which is provided. For example, SaaS cloud computing contracts could be considered
as license, PaaS services as lease contracts. He pointed out that these contracts are rarely sales contracts. He wondered whether there are any typical property law instruments (e.g., co-ownership) that could apply by analogy to the content in the cloud. Another expert agreed that cloud contracts can be considered as service contracts, but that there are also analogies to lease and custody contracts. One expert referred to a decision from the Supreme Court in Germany which considered a webhosting contract as a leasing contract. He pointed out that SaaS contracts are also considered as leasing/renting contracts. In the UK, cloud computing contracts are considered as service contracts rather than lease contracts. The same is valid for France. For the purposes of applying the EU legislative instruments, a characterisation as "service contracts" would make it possible to establish jurisdiction over all disputes relating to the contract in the same court in the EU.

Location of the provision in service contracts
Experts listed criteria that may help in locating the place of provision of the service, such as the seat of the main cloud provider, the operational service provider's physical premises or the place where networks of several multi-data centres connect. Regarding the service provider's premises, experts said that it may be difficult to use this criterion because many premises and infrastructures are operating at the same time for the provision of one service. Moreover, it is difficult to identify a specific datacentre when more than one datacentre is involved in the service. Another expert stressed that there are services with geographical restrictions that are not accessible from all countries, such as "Spotify". This should be taken into account when determining the place of location of the service. One expert suggested drawing inspiration from the definition of place of provision of service used in the EU VAT Directive.
Others, on the other hand, thought that the objective pursued by this legislation (harmonising VAT laws) is different and that the definition is thus not necessarily transferable to cloud computing services. Finally, one expert insisted that the determination of the location would depend on the exact nature of the cloud services provided. For example, in the case of a cloud communication service, the relevant place would be the place where the service is used (e.g. the place of the consumer). The place of location of the server could also determine the place of provision of the service, as it is the place where the contractual obligation (e.g. storage in the case of a storage service) is executed. One easy solution could also be to locate the provision of services at the place of domicile of the service recipient.

Relevance of non-contractual claims and liability
Most of the experts agreed that the protection of trade secrets and copyright infringements as non-contractual claims are very important aspects in the cloud. In that case, the place where the damage occurred or the place where the event giving rise to the damage took place are of relevance to determine jurisdiction; as for applicable law, the place where the damage occurred is the primary criterion.
More informationDigital Content Protection Under The Commission S propose
The Consumer Voice in Europe PROPOSAL FOR A DIRECTIVE ON CONTRACTS FOR THE SUPPLY OF DIGITAL CONTENT BEUC preliminary position Contact: Agustín Reyna - digital@beuc.eu BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS
More informationYearbook. Building IP value in the 21st century. Taking a ride on the Birthday Train. KUHNEN & WACKER Intellectual Property Law Firm Christian Thomas
Published by Yearbook 2016 Building IP value in the 21st century Taking a ride on the Birthday Train KUHNEN & WACKER Intellectual Property Law Firm Christian Thomas KUHNEN & WACKER Intellectual Property
More informationData Protection in Clinical Studies Implications of the New EU General Data Protection Regulation
June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationGuidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment
Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment ("Cookie Order") 2nd version, April 2013 Preface...3 1. Introduction...5
More informationData Protection, Software Licenses and other Legal Issues in the Cloud
Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012 Overview Introduction Data Protection
More informationEU regulatory framework for e-commerce
EU regulatory framework for e-commerce WTO Workshop Geneva, 18 th June 2013 Denis Sparas European Commission Directorate General for Internal Market and Services Outline E-commerce Directive E-commerce
More informationChecklist: Cloud Computing Agreement
Checklist: Cloud Computing Agreement crosslaw s checklists Date : 21 November 2015 Version 1.4 Tags : ICT Law Johan Vandendriessche Johan is partner and heads the ICT/IP/Data Protection practice. He combines
More informationYou are authorised to view and download one copy to a local hard drive or disk, print and make copies of such printouts, provided that:
Terms of Use The Standard Bank of South Africa Limited ( Standard Bank ) maintains this demonstration trading platform (the "Demo Trading Platform") and the virtual services/products ("Virtual Services")
More informationPersonal data and cloud computing, the cloud now has a standard. by Luca Bolognini
Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last
More informationRELOCATEYOURSELF.COM B.V - TERMS OF USE OF SERVICES
RELOCATEYOURSELF.COM B.V - TERMS OF USE OF SERVICES The following constitute the terms and conditions of access and use of the Services, as defined hereunder, which shall be deemed to have been read and
More informationEUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy
EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice
More informationReview of remote casino, betting and bingo regulatory return and gambling software regulatory return. Consultation document
Review of remote casino, betting and bingo regulatory return and gambling software regulatory return Consultation document October 2013 Contents 1 Introduction 3 2 Background and context 5 3 Reasons for
More informationEfficient alternative dispute resolution (ADR) for intellectual property disputes
13.1 Efficient alternative dispute resolution (ADR) for intellectual property disputes More and more rights holders are recognizing the benefits of using private neutral mechanisms that allow parties to
More informationResponse to the UK Ministry of Justice s Call for Evidence on the European Commission s Data Protection Proposals
Response to the UK Ministry of Justice s Call for Evidence on the European Commission s Data Protection Proposals Cloud Legal Project, Queen Mary, University of London This response is made by Christopher
More informationTHE CLOUD: OPPORTUNITIES AND ISSUES
THE CLOUD: OPPORTUNITIES AND ISSUES OF IMMATERIALITY Alberto Pera Partner, Gianni Origoni Grippo Cappelli & Partners THE CLOUD IS A NO-LAND TERRITORY Data can be accessed and processed from anywhere via
More informationEuropean Union Law and Online Gambling by Marcos Charif
With infringement proceedings, rulings by the European Court of Justice (ECJ) and the ongoing lack of online gambling regulation at EU level, it is important to understand the extent to which member states
More informationSOUTH DOWNS INTRODUCTIONS LTD ACCEPTABLE USE POLICY INCORPORATING WEBSITE TERMS AND CONDITIONS
These terms of use govern your use of our site. Please read the whole of these terms in full before you use this Website. If you do not accept these terms, please do not use this Website. Your continued
More informationGENERAL TERMS AND CONDITIONS FOR CONTRACTS FOR LAWYERS. 1. Scope of Application. 2. Mandate and Power of Attorney. 3. Principles of Representation
GENERAL TERMS AND CONDITIONS FOR CONTRACTS FOR LAWYERS 1. Scope of Application 1.1 The Terms and Conditions for Contracts shall apply to all activities and acts of representation in court and out of court,
More informationSubject to, notwithstanding and without prejudice to what do they all mean?
Welcome Time. Never seems to be enough of it! This month is about shortcuts. Time pressure can make shorthand expressions which achieve the desired result useful tools, but are such expressions always
More informationInformation Technology - Switzerland
Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a
More informationEU public procurement framework ETUC position
EU public procurement framework ETUC position Adopted at the Executive Committee on 6-7 March 2012. 1. In December 2011, the Commission adopted the revised framework for public procurement comprising a
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationIESBA Technical Director Mr. Ken Siong. By e-mail: kensiong@ethicsboard.org. 2 September, 2015
IESBA Technical Director Mr. Ken Siong By e-mail: kensiong@ethicsboard.org 2 September, 2015 Re: FSR danske revisorer comments on IESBA Exposure Draft: Responding to Non-Compliance with Laws and Regulations
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationKnowledge. Practical guide to competition damages claims in the UK
Knowledge Practical guide to competition damages claims in the UK Practical guide to competition damages claims in the UK Contents Reforms to damages litigation in the UK for infringements of competition
More informationGENERAL TERMS OF ENGAGEMENT (GTE)
GENERAL TERMS OF ENGAGEMENT (GTE) (This is an English translation of the German text, which is the sole authoritative version.) 1. Scope 1.1 These engagement terms shall apply to all activities and acts
More informationMexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C.
Mexico Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López Market overview 1 What kinds of outsourcing take place in your jurisdiction? In Mexico, a subcontracting regime (understood as the regime
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationProtection for Insurance Customer Under Turkish Laws
Protection for Insurance Customer Under Turkish Laws Presentation to the AIDA_Turkish Insurance Law Association Ahmet Karayazgan, Karayazgan Law Firm Istanbul, May 3, 2012 1 Part 1 Definition of Insurance
More informationJoint Innovate UK and CW Legal SIG Event - Internet of Things Workshop - 17th March 2015. Contracting for IoT
Joint Innovate UK and CW Legal SIG Event - Internet of Things Workshop - 17th March 2015 Contracting for IoT Professor Ian Walden Institute of Computer and Communications Law Centre for Commercial Law
More informationLIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS
LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS This document is a rough draft aiming at presenting key provisions, current clauses used in Cloud computing contracts and first drafts on possible
More informationCOMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document
EUROPEAN COMMISSION Brussels, 10.4.2014 SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN
More informationOnline and Mobile Privacy Notice ( Privacy Notice )
Online and Mobile Privacy Notice ( Privacy Notice ) Introduction This Privacy Notice applies to the operations of Cigna Global Health Benefits and its affiliated companies listed at the end of this Privacy
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 2588/15/EN WP 232 Opinion 02/2015 on C-SIG Code of Conduct on Cloud Computing Adopted on 22 September 2015 This Working Party was set up under Article 29 of Directive
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationCatalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.
PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationOverview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service
Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case
More informationEGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY
Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored
More informationREPAIR SERVICES AND PROCESSING FEES.
BLACKBERRY PLAYBOOK REPAIR SERVICE TERMS AND CONDITIONS THESE BLACKBERRY PLAYBOOK REPAIR SERVICE TERMS AND CONDITIONS (THIS AGREEMENT ) FORM A LEGAL AGREEMENT BETWEEN YOU INDIVIDUALLY, OR IF YOU ARE AUTHORIZED
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES GREEN PAPER. on applicable law and jurisdiction in divorce matters. (presented by the Commission)
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 14.3.2005 COM(2005) 82 final GREEN PAPER on applicable law and jurisdiction in divorce matters (presented by the Commission) {SEC(2005) 331} EN EN GREEN
More informationFactsheet on the Right to be
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
More informationGENERAL TERMS AND CONDITIONS FOR THE USE OF THE ENTSO-E TRANSPARENCY PLATFORM
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE ENTSO-E TRANSPARENCY PLATFORM (January 2015) In accordance with Article 3 of the Regulation (EU) N 543/2013 on submission and publication of data in electricity
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationAn Optional Common European Sales Law: Advantages and Problems Advice to the UK Government
An Optional Common European Sales Law: Advantages and Problems Advice to the UK Government November 2011 AN OPTIONAL COMMON EUROPEAN SALES LAW: ADVANTAGES AND PROBLEMS Advice to the UK Government from
More informationAugust 2011. Report on Cloud Computing and the Law for UK FE and HE (An Overview)
August 2011 Report on Cloud Computing and the Law for UK FE and HE (An Overview) Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.
More informationInto the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?
10 Juni 2013 Taylor Wessing - Essay Competition 2013 Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? by Katarina Kesselová, LLM. Introduction
More informationResolution on Consumer Protection in Cloud Computing
DOC NO: INFOSOC 46-11 DATE ISSUED: JUNE 2011 Resolution on Consumer Protection in Cloud Computing Consumers, businesses and governments are increasingly using cloud computing services to store and share
More informationCorporate Compliance: A Global Perspective
Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming
More informationOverview of Employment and Employee Privacy Laws and Key Trends in Austria
P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment
More informationKnowhow briefs The Brussels regulation at a glance
Knowhow briefs The Brussels regulation at a glance Executive Summary: A practical guide which addresses how and why the Brussels Regulation has been ratified and approved; which jurisdictional issues parties
More informationPARTNER TERMS & CONDITIONS
PARTNER TERMS & CONDITIONS GENERAL TERMS AND CONDITIONS OF BUSINESS FOR THE PLACEMENT OF LIGATUS SERVICES ON PARTNER SITES Version: 01 December 2015 1. The following General Terms and Conditions of Business
More informationResponse of the German Medical Association
Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful
More informationThird European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing
Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010 Panel IV: Privacy and Cloud Computing Data Protection and Cloud Computing under EU law Peter Hustinx European Data Protection
More informationThe Trialogue on Key Information Documents for Investment Products
The Trialogue on Key Information Documents for Investment Products Extending the KID s scope to corporate bonds would over-burden issuers, limit investment opportunities for retail investors and reduce
More information