Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)



Similar documents
Article 29 Working Party Issues Opinion on Cloud Computing

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

How To Protect Your Data In The Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security

Cloud Computing: Legal Risks and Best Practices

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Recommendations for companies planning to use Cloud computing services

Cloud Service Contracts: An Issue of Trust

European Privacy Reporter

Privacy, the Cloud and Data Breaches

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Australia s unique approach to trans-border privacy and cloud computing

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

The problem of cloud data governance

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan

Resolution on Consumer Protection in Cloud Computing

European Commission initiatives on e- and mhealth

HIPAA BUSINESS ASSOCIATE AGREEMENT

Checklist: Cloud Computing Agreement

European Cloud Computing Strategy

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Checklist for a Watertight Cloud Computing Contract

Legal Aspects of Cloud Computing. Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird)

Data Processing Agreement for Oracle Cloud Services

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

BUSINESS ASSOCIATE AGREEMENT

Legal aspects of cloud computing

LEGAL ISSUES IN CLOUD COMPUTING

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

THE CLOUD: OPPORTUNITIES AND ISSUES

Ana Juan Ferrer Cloud Forward 2015, 07/10/2015

The Cloud Challenge: understanding what is "market"?

Application of Data Protection Concepts to Cloud Computing

Cloud Hosting Terms and Conditions

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

AIRBUS GROUP BINDING CORPORATE RULES

Business Associate Agreement

Article 1: Subject. Article 2: Orders - Order Confirmation

Position Paper. Orgalime response to the Public consultation on the. collaborative economy - Digital Single Market Strategy follow up assessment

Demystifying cloud computing for SMEs

Trust in the Cloud Legal and Regulatory Framework

Cloud Computing Contracts. October 11, 2012

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler

(a) the kind of data and the harm that could result if any of those things should occur;

ARTICLE 29 DATA PROTECTION WORKING PARTY

Jeanne Kelly, Partner Cloud Computing: The Legal Issues

EDI REGISTRATION FORM Blue Cross of Idaho 3000 E Pine Ave Meridian, Id Fax

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

Data Protection and Cloud Computing: an Overview of the Legal Issues

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

Data protection legislation influence on cloud computing from local as well as EU perspective

Managing Outsourcing Arrangements

Data Management Session: Privacy, the Cloud and Data Breaches

Objective and key requirements of this Prudential Standard

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe'

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS

The Keys to the Cloud: The Essentials of Cloud Contracting

Legal Issues in the Cloud: A Case Study. Jason Epstein

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

BOLT Software Technology Terms of Use Last Updated: November 4, 2015

Office 365 Data Processing Agreement with Model Clauses

This form may not be modified without prior approval from the Department of Justice.

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

What should you watch out for in click-through cloud contracts? What are the most contentious issues in cloud negotiations?

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

committed to Europe Digital Communication Services need new rules March 2014

Risk, security, and legal analysisfor migrationto cloud. PART 4: Protection, rights, and legal obligations

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union

Cloud and Critical Information Infrastructures

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Intellectual Property in FP7 projects

OFFICE OF CONTRACT ADMINISTRATION PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1

The Cloud Seen from the U.S.A.

Data Protection, Software Licenses and other Legal Issues in the Cloud

NOTICE ON OUTSOURCING

Cloud Computing. Introduction

Checklist for a Coordination Agreement for Coordinated Calls (Option 2)

COMMUNICATIONS ALLIANCE LTD

Policy Brief: Protecting Privacy in Cloud-Based Genomic Research

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

INTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE. Guiding Principles on Cloud Computing in Law Enforcement

Viva Energy may from time to time amend, delete or supplement these Terms and Conditions. Any change takes effect from the earlier of:

Legal Cloud Computing: Concepts and Ramifications

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April Panel IV: Privacy and Cloud Computing

Daniel Field, Atos Spain. Towards the European Open Science Cloud, Heidelberg, 20/01/2016

The potential legal consequences of a personal data breach

CCMS Software Provider Business Assurance Statement Deed Poll

Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013

WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions

ENISA and Cloud Security

Implementing Privacy Compliant Hybrid Cloud Solutions

By using the Cloud Service, Customer agrees to be bound by this Agreement. If you do not agree to this Agreement, do not use the Cloud Service.

CLOUD COMPUTING Contractual and data protection aspects

Transcription:

Role of contracts in Cloud Computing an Overview Kevin McGillivray Doctoral Candidate (NRCCL)

Barriers/Challenges to Cloud Transparency Compliance Legal Shared infrastructure Subcontractors (and their location) Data protection/data privacy regulations Consumer protection Industry specific regulations Jurisdiction, conflicts of laws, extraterritorial application etc. Take-it-or-leave-it Contracts Location of Data Discovery IPR Liability/Tort etc.

Sub-contracting/ Partners

Role of Contracts in Cloud (1) In the cloud context, contracts have played a particularly important role in embracing (and absorbing) some of the challenges associated with the technological innovation. In the first phase, contractual agreements were used to identify and allocate risks and responsibilities and create enforcement mechanisms where existing rules are inadequate (privacy and security, data breach notification, e-discovery etc.). In the second phase..various stakeholders have started to work towards best practice models, using contracts as a way to legally embrace the effects of cloud innovation. Urs Gasser (Berkman 2014)

Role of Contracts in Cloud (2) No law of the cloud General rules are often difficult to apply Few judicial decisions Vague or competing best practices Jurisdictional challenges Contract allows the parties to determine the law -- with limitations Background law, immutable defaults etc. Cooperative role, even if difficult to enforce Contract becomes the foundation for interaction Ongoing relationship between parties

You can't always get what you want Customer needs Regulatory requirements incorporated "Typical" Cloud contract Take-it-or-leave-it standard-k Fixed Scope of Service/ notice prior to amendment or changes (software, providers, etc.). Info on sub-contractors/ "back-toback" contracts in place Local law and forum Warranties/indemnification Termination rights Unilateral right to change terms, scope, providers etc. Lacking "entire agreement (or similar clause) allowing for future changes. Notice? Lack of notice on sub-contractors and contracts used US State No warranties/ wide disclaimers Limited suspension / Termination

Terms CLP at QMUL 2010 CLP at QMUL 2013 Kesan et al. 2013 Vincent et al. 2011 Choice of Law 90% 94% N/A 96% Choice of forum Same as Law Same as Law N/A 96% Confidentiality Security Measures Majority required user to provide Majority required user to Majority required user to provide Majority required user to provide N/A N/A provide Deletion Uncommon Uncommon 33% (time period to delete) Variation Clauses 74% 97% 94.7% privacy policy N/A "very few" "very few" "many" Disclosure of data (legal proceedings etc.) 97% 100% 100% N/A

EU Cloud Computing Strategy

Cutting through the jungle of Standards Creating interoperability and data portability Development of EU-wide voluntary certification schemes Establish a list of standards European Telecommunications Standards Institute (ETSI)

European Telecommunications Standards Institute (ETSI) Final Report In short: the Cloud Standards landscape is complex but not chaotic and by no means a 'jungle. The legal environment for cloud computing is highly challenging. Research into standardized ways of describing, advertising, consuming and verifying legal requirements is necessary. Solutions need to accommodate both national and international (EU) legal requirements.

Safe and Fair Contract Terms and Conditions (1) Develop model contract terms such as: data preservation after termination of the contract, data disclosure and integrity, data location and transfer, ownership of the data, direct and indirect liability SMEs (municipalities?) and Consumers are the apparent focus

Safe and Fair Contract Terms and Conditions (2) Standard SLAs B2B Goal was a model SLA Result was a check-list or tool kit Code of Conduct CSPs Data Protection Practices Government Access etc. Could be included in contract, provide standards Expert Group on Contracts Drafting model terms? Difficult to draft terms for all users

Article 17 of Directive 95/46/EC Security of processing 3. The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations set out in paragraph 1 [appropriate technical and organizational measures] as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor.

Many similar contract terms but some with a greater privacy focus Due to SpiderOak's 'zero-knowledge' privacy standard, we do not have plaintext access to any data a user uploads through the SpiderOak application []. It is SpiderOak policy to provide notice to a user about any law enforcement request unless prohibited from doing so by law. SpiderOak provides user information in response to law enforcement requests only in the event that SpiderOak is required to do so by law []. (SpiderOak.com 2014)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information