EuroCloud Ireland & Irish Computer Society July 1st 2010 Philip Nolan

Cloud Computing
climate change for legal contracts?
EuroCloud Ireland & Irish Computer Society
July 1st 2010
Philip Nolan / Jeanne Kelly
Partners, Mason Hayes+Curran
Overview
• Well documented problems
• Changing Cloud = Changing Rules
• Competitive Contracts
• Data Protection
• On the horizon?
Cloud Law 1.0
• A new technology = new legal challenges
• Challenges now well known:
– No contract between provider and end user
– As-is clauses
– Data protection obligations
– Multiple jurisdictions
• But the cloud keeps evolving
World Economic Forum: Exploring the Future of Cloud Computing
– Established benefits (scalability, elasticity, cost) only represent the tip of the iceberg.
– Second wave of cloud computing benefits on the horizon:
• Increased ease of collaboration
• Levelling the playing field between big and small firms
• Emerging economies likely to leapfrog to higher levels of development
New Applications for the Cloud
• Moving rapidly beyond ‘traditional’ cloud uses
– IaaS
– Storage
– SaaS
• E.g. GS1 Ireland
– DataSync.ie
– Tracking Medication
Cloud Law 2.0
• Shift in the attitude towards legal issues
• Not merely an obstacle, but a commercial opportunity
– Providers starting to compete on terms
– Real choice
• Regulators specifically considering the cloud
LA-Google SaaS Contract
• Approved October 2009
• City of Los Angeles shifting to Google Apps for email, word processing etc…
• Even police records
• Key government organisation making the shift to the cloud
• Reason for the decision?
LA-Google SaaS (2)
• PC World April 8 2010
– “Google moved early to make this a contest over which company offers the best contract terms and legal protections in cloud environment”
• Contractual terms operated as a source of competitive advantage
So what did Google agree to?
• City can cancel at will
• Extensive right to audit the data
• Google cannot release or view data without prior approval
• Penalties for loss of service
• Unlimited Liability for security and data breach
Terms are a differentiator
• LA an exception?
• Less negotiating power
• But real competition and choice
• Not just doom and gloom.
Example 1: Microsoft Azure
• Generous use of Service Credits
• Provision of limited warranty
• Implement reasonable security measures
Example 2: Google Apps Premier
• Google will protect users’ confidential information to the same standard it protects its own
• No liability cap for breaches of confidentiality
• Compliance with SLA – Warranty
Example 3: Hosting 365
• Service will be provided with due skill and care
• Will comply in all material respects with SLA
• Fixed term contract
Key idea
• Vendors can and do compete on terms of service offered – legal aspects are a source of competitive advantage
• Not all terms are made the same; purchasers have a real choice.
Data Protection
• Four big developments
– Opinion 1/2010
– New Model Contracts
– Data Breach Notification
– Schleswig-Holstein DPA opinion
• Operate within existing framework
Opinion 1/2010
• Article 29 Working Group
• Refined core distinction between “processors” and “controllers”
• Processors retain discretion as to most suitable technological and organisational means
New Model Contracts
• Exporting data out of EEA is tricky
• Approved Contract Terms
• Now allow for sub-processing
Draft Security Breach Code
• Very common in US
• Must inform DPC unless:
– Data inaccessible due to security measures
– < 100 individuals, who have been informed directly and not financial or sensitive personal data
• No materiality threshold
• Detailed report required » possible expense
Schleswig-Holstein DPA Opinion
• 18 June 2010
• SAS 70 Type II Certificates ≠ legal compliance
• Data protection law is a separate matter
On the Horizon
• European Commission, Opportunities For Cloud Computing Beyond 2010
• Cloud Governance key
– Standards for Clouds: Open Source or Proprietary?
– Cloud mobility: Avoiding Lock in