The Legal Aspects of Cloud ComputingLegal Compliance Resource
July 22, 2013 — 1,070 views
The increases in the capabilities and pervasiveness of information technology over the past several decades have created a growing gap in effective national and international laws and protocols to effectively address a growing number of legal issues. The impact of cloud computing promises to exacerbate this problem, especially since it, by design, crosses many locales and jurisdictions.
Many of the legal questions being raised to deal with the cloud are only now being considered and addressed. It is a safe assumption that the process will take a number of years before a comprehensive approach to these issues is developed.
A large number of the concerns created by cloud computing center on the issue of customer data. The range of considerations includes ownership, security and control of this data. Other legal issues deal with varied items such as:
• Compliance, local and international’
• Jurisdictional issues, including applicable laws and regulations
• Data portability
• Data protection
• Copyrights and intellectual property rights
• Contractual stipulations
• Liability determinations and limitations
• Dispute and litigation resolution
Due to the global nature of the cloud, many Americans are unaware of the potential implications of dealing with other jurisdictions, such as the European Union. Legislation in the EU dealing with digital and computing issues is more advanced and restrictive than that in the U.S., particularly in areas of privacy and security.
In general terms, experts discuss the development of legislation as dealing with Web 1.0 and Web 2.0. In the first efforts to upgrade legislation, efforts made to clarify specific issues included:
• Copyrights and digital intellectual property
Even in these areas, however, the laws and case history significantly lag real world needs. As Web 2.0 and cloud computing become dominant, additional areas requiring attention of the legal world include:
• Additional privacy issues
• Intellectual property protection and ownership
• Data retention requirements
• Software as a Service issues
• Liability determinations
• Jurisdictional determinations
This partial listing serves several purposes. First, it is an indication of the scope of effort that is required to bring the legal framework of modern IT issues to an acceptable level. Secondly, it serves as something of a warning that the legal environment for those using cloud services is something of an unknown quantity.
This can be a significant issue for a small or even a mid-size to large company. If a data center in Poland goes bankrupt or suffers a major security breach, there are many questions about how those situations would be handled. Just one consideration, for instance, would be the steps that would be required to recover stored data from the subject provider of cloud services.
These issues make it essential for current users of the cloud to carefully evaluate the companies with which they choose to do business. A part of that process is to carefully review service agreements and stated responsibilities and liabilities. Clients should consider the inherent conflict in cloud computing and local IT services. Use of the cloud implicitly indicates a reduction of local control of data and services. This loss of control must be balanced by proper legislation and protocols in dealing with the providers of cloud computing capabilities. Unfortunately, many current cloud computing service agreements contain language that severely limits the vendor’s liability, in spite of significant potential risks.