Archive for the ‘Legal and governance issues in the cloud’ Category

A new goldmine: making official data public could spur lots of innovation


Government data


18 May 2013 – After a Soviet missile shot down a South Korean airliner that strayed into Russian airspace in 1983, President Ronald Reagan made America’s military satellite-navigation system, GPS, available to the world. Entrepreneurs pounced. Car-navigation, precision farming and 3m American jobs now depend on GPS. Official weather data are also public and avidly used by everyone from insurers to ice-cream sellers.

But this is not enough. On May 9th Barack Obama ordered that all data created or collected by America’s federal government must be made available free to the public, unless this would violate privacy, confidentiality or security. “Open and machine-readable”, the president said, is “the new default for government information.”

This is a big bang for big data, and will spur a frenzy of activity. Pollution numbers will affect property prices. Restaurant reviews will mention official sanitation ratings. Data from tollbooths could be used to determine prices for nearby billboards. Combining data from multiple sources will yield fresh insights. For example, correlating school data with transport information and tax returns may show that academic performance

Read more

What are data protection regulators looking for in cloud computing contracts?

8 January 2013 – The recent rise of cloud computing – both for businesses and at consumer level – is providing a decent challenge for the regulators tasked with applying established data protection principles to this new and fast-developing industry.

Until last year there had been little guidance at UK or EU level. However, in July 2012 the Article 29 Working Party – the independent advisory body made up of data protection regulators from across the EU member states – released its Opinion on Cloud Computing (05/2012). This was closely followed by guidance from the UK regulator, the Information Commissioner’s Office (ICO). The ICO’s Guidance on the Use of Cloud Computing was published in September 2012.

The working party and ICO have attempted to provide workable and commercial solutions for both cloud suppliers and their customers. Both regulators have concluded that data protection legislation should not be a bar to using cloud services, but that certain measures must be put in place, mainly by the customer, to ensure compliance with the data protection principles at each stage of the cloud … Read more

Amazon cloud entry in Australia poses legal concerns to business; attempt to avoid the U.S. Patriot Act?

13 November 2012 – E-commerce giant Amazon’s plans to offer data and computer hosting services through Australian data centres from this week will not indemnify customers from legal action in the United States, legal experts have warned.  Amazon’s hosting division will today announce plans to offer public cloud services – computers and hard drives that companies can lease for a fraction of the cost of purchasing a similarly capable machine – for the first time within Australian borders.

The move has been touted as a “game changer” for high-risk sectors like finance and government, which are traditionally kept from storing critical data outside of Australia. The introduction of Amazon-hosted services in Australia is thought to have been spurred by those concerns, providing local companies with the ability to store data in local facilities rather than data centres in the US, Singapore or Europe.

But lawyers told The Australian Financial Review the move will not immunise local companies from subpoenas issued by US courts or regulators. “The fact that Amazon holds data in Australia makes no difference to its obligation to … Read more

Big Data in Law: Cloud Challenge, Analytics Opportunity

31 October 2012 –  The legal profession may have begun on Mount Sinai, where Moses delivered The Ten Commandments. But today, it’s heading into the cloud, where the privacy and security of big data are dramatically changing the legal landscape—especially internationally.

A good illustration came recently, when European Union regulators ordered Google to bolster its privacy policy. The EU put the search giant on notice, saying it must alter the way it discloses and uses personal information collected over the Internet. It also voiced concern that Google may be gathering more data than it really needs.

These days, such stories are as numerous as iPhones on the subway. From Google to Facebook, the Internet pantheon is under siege from regulators worldwide, who fear that what little remains of personal privacy may soon be gone.

For more from Forbes magazine click here.… Read more

Cloud Computing: New Article 29 Working Party Opinion

3 July 2012 – The Article 29 Working Party has adopted a new Opinion which ‘analyses all relevant issues for cloud computing service providers operating in the EEA and their clients’.

The Article 29 Working Party, the working party made up of the various European data protection authorities which acts as independent European advisory body on data protection and privacy, adopted an Opinion on 1 July on cloud computing.

The Opinion may be read by clicking here.

The Executive Summary is as follows:

In this Opinion the Article 29 Working Party analyses all relevant issues for cloud computing service providers operating in the European Economic Area (EEA) and their clients specifying all applicable principles from the EU Data Protection Directive (95/46/EC) and the e-privacy Directive 2002/58/EC (as revised by 2009/136/EC) where relevant.

Despite the acknowledged benefits of cloud computing in both economic and societal terms, this Opinion outlines how the wide scale deployment of cloud computing services can trigger a number of data protection risks, mainly a lack of control over personal data as well as insufficient information with Read more

French CNIL Cloud Guidelines Address Controller vs. Processor Issues

25 June 2012 – The French CNIL’s new guidelines on cloud computing revisit the tricky question of whether a cloud provider is a data processor or a data controller. The CNIL says that a cloud provider will generally be considered the data processor, but that the provider will become joint controller with the customer if the cloud customer lacks any real autonomy in the negotiation of the contract and in defining how the data are processed.

If the cloud customer is not able to give instructions to the cloud provider and must accept the cloud provider’s proposal “as is,” the CNIL will consider the cloud provider as joint controller, jointly liable with the customer for compliance with French data privacy laws. The CNIL’s guidelines indicate that providers of private clouds will generally be deemed processors, but that providers of public SaaS or PaaS cloud services will often be deemed joint controllers.

For more from the Hogan Lovells Chroncile of Data Protection click here.… Read more

Managing risk in a public cloud environment: cloud computing insurance

23 January 2012 –  In an interesting post today, Brian Gracely (Director of Global Solutions at EMC) relates how  a couple weeks ago there was an interesting discussion on Twitter amongst the “clouderati” about ways to manage risk in a public cloud environment.  It was fragment off the discussion that James Urquhart started about how “Cloud is complex” and one from Alistair Croll and 2012 cloud predictions.

Beyond the normal discussion about how companies need to “design for failure” (re: applications) when using public clouds, someone brought up that SLAs will need to evolve before companies can better mitigate risk. Most people tended to dismis this, since SLAs usually only compensate customers for the service value of the outage window (eg. $/hour of compute time), not for any value related to lost business due to downtime, lost data or a security breach.

So Brian got to thinking about what it might mean to obtain an insurance policy to protect against “loss” as a result of a public cloud service.  His initial thoughts fell into a couple buckets:

  • What would/could be
Read more

Leading-Edge Law: Consider the legal effort required to move to the cloud

24 October 2011 – Many businesses are eager to move all or part of their business computing systems into the cloud. Before taking the leap, give thought to the total cost and legal issues associated with such a move.  What constitutes “cloud computing” is fiercely debated, but I define cloud computing as using software and/or data storage that is located remotely and that is accessed via an Internet connection, rather than using computers in your offices or remote computers you own and access by a dedicated transmission line.  The biggest issues businesses contemplating moving to the cloud need to understand are the breadth of the contract-negotiation task and how that impacts the cost-benefit analysis.  Entering into a cloud-computing contract will (or at least should) force your business to negotiate contractual terms addressing all of the risks and concerns you may have in the future with the computing systems that you will put in the cloud.

For more click here.… Read more

In Australia, cloud computing “requires regulatory reform” says an expert

20 September 2011 —  Cloud computing in Australia is one area which requires significant regulatory reform, according to one expert.  Ulf Pehrsson, Telefonaktiebolaget LM Ericsson regulatory and government relations chief, and Business Europe internal market committee chairman, told The Australian that he would advise the government to focus on the cloud as well as issues such as copyright.

He said that many of the challenges facing Europe also apply to Australia, adding: “To get the well-functioning digital single market and services and applications able to be delivered over the network and successful digital market I think is very much a common challenge to all countries, including Australia.”

During Mr Pehrsson’s visit to Australia he has briefed communications minister Stephen Conroy and representatives of Attorney-General Robert McClelland and the Department of Trade.

Last month, the ISACA in Australia issued a new guidance report on governance of cloud computing technology in a bid to help businesses assess the risks the technology can pose.… Read more

Cloud computing after death: digital data pass down


13 September 2011 –  From Edwin Kee of the Ubergizmo website:

Now if there is one thing that our great grandparents need not worry about when they died was whether they had any digital data to pass down to their descendants – these days, with so many of us having our lives inter-twined in the computer world, what will happen to our blogs, websites, and digital information when we pass on?

To date, laws in the US as well as other countries have proved to be rather vague where the fate of digital rights to online accounts after death are concerned – which might lead to extremely complicated legal processors amongst the survivors who want to access the online services of the deceased.

Legal experts have yet to come to an agreement as to who owns what in the internet “cloud”, and hence some service provides decided to terminate the account of a deceased person. As for online photo albums, “those photos are yours and you have a copyright, but the problem is if you upload them to a … Read more