This is the paper I presented at the Harvard Institute for Global Law and Policy 5th Conference, on June 3-4, 2013. I decided to make it available open access on SSRN. I hope you will enjoy it and I will be very pleased if any of the readers would provide comments and ideas. The main argument of the paper is that we need global solutions for regulating cloud computing. It begins with a theoretical overview on global governance, internet governance and territorial scope of laws, and it ends with three probable solutions for global rules envisaging the cloud. Among them, I propose the creation of a “Lex Nubia” (those of you who know Latin will know why 😉 ). My main concern, of course, is related to privacy and data protection in the cloud, but that is not the sole concern I deal with in the paper.
The most common used adjective for cloud computing is “ubiquitous”. This characteristic poses great challenges for law, which might find itself in the need to revise its fundamentals. Regulating a “model” of “ubiquitous network access” which relates to “a shared pool of computing resources” (the NIST definition of cloud computing) is perhaps the most challenging task for regulators worldwide since the appearance of the computer, both procedurally and substantially. Procedurally, because it significantly challenges concepts such as “territorial scope of the law” – what need is there for a territorial scope of a law when regulating a structure which is designed to be “abstracted”, in the sense that nobody knows “where things physically reside” ? Substantially, because the legal implications in connection with cloud computing services are complex and cannot be encompassed by one single branch of law, such as data protection law or competition law. This paper contextualizes the idea of a global legal regime for providing cloud computing services, on one hand by referring to the wider context of global governance and, on the other hand, by pointing out several solutions for such a regime to emerge.
You can download the full text of the paper following this link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2409006
Posted in Academic Resource, Comments, DP Fundamentals, Europe, News, US and Canada, World
Tagged cloud computing regulation, convention 108 and cloud computing, data protection in cloud computing, Gabriela Zanfir, lex nubia, privacy in the cloud, virtual territorial scope, what happens in the cloud stays in the cloud, WTO and cloud computing, zanfir cloud computing
Authors: Damon C. Andrews, John M. Newman
Cloud computing has revolutionized how society interacts with, and via, technology. Though some early detractors criticized the “cloud” as being nothing more than an empty industry buzzword, we contend that by dovetailing communications and calculating processes for the first time in recorded history, cloud computing is — both practically and legally — a shift in prevailing paradigms. As a practical matter, the cloud brings with it a previously undreamt-of sense of location independence for both suppliers and consumers. And legally, the shift toward deploying computing ability as a service, rather than a product, represents an evolution to a contractual foundation for all relevant interactions.
Already, substantive cloud-related disputes have erupted in a variety of legal fields, including personal privacy, intellectual property, and antitrust, to name a few. Yet before courts can confront such issues, they must first address the two fundamental procedural questions of a lawsuit that form the bases of this Article — first, whether any law applies in the cloud, and, if so, which law ought to apply. Drawing upon novel analyses of analogous Internet jurisprudence, as well as concepts borrowed from disciplines ranging from economics to anthropology, this Article seeks to supply answers to these questions. To do so, we first identify a set ofnormative goals that jurisdictional and choice-of-law methodologies ought to seek to achieve in the unique context of cloud computing. With these goals in mind, we then supply structured analytical guidelines and suggested policy reforms to guide the continued development of jurisdiction and choice of law in the cloud.
Full text: Digital Commons Network
Posted in Academic Resource
Tagged antitrust in the cloud, choice of law, civil procedure, cloud computing, complex litigation, conflict of laws, copyright in the cloud, Damon C. Andrews, Digital Commons Network, John M. Newman, Maryland Law Review, personal jurisdiction, privacy in the cloud
Márton Domokos writes for “The Privacy Advisor” that On 18 July, the Hungarian Financial Supervisory Authority-PSZÁF (HFSA) issued a circular for Hungarian financial institutions on the use of cloud computing technologies. It is the first time in Hungary that a regulatory authority issued such an opinion. The document outlines detailed proposals for financial institutions on data classification, pre-contracting tasks and the contents of the service agreement with the cloud provider.
The HFSA expressly reminds the management, IT internal audit, compliance and legal departments of financial institutions that if the company is willing to use cloud computing services, they shall pay particular attention to the following.
Obtaining cloud services is considered as “outsourcing” under the Hungarian sector-specific regulations which results in the application of certain additional rules; e.g., notification to the HFSA, specific data processing obligations.
It is important to continuously monitor the changes in the regulations of the EU affecting cloud computing services, practices and best practice recommendations.
It is also essential to keep an eye on the Hungarian and EU data privacy provisions and practices—in particular to practices and resolutions concerning cross-border data transfers or data transfers to third countries.
The relationship between the master services agreement to be concluded and the related SLAs shall be harmonised.
According to the HFSA, it is important to classify the data processed by the financial institution before determining which data can be transferred to the cloud at all. The circular states that it is not recommended to process bank secrets, personal data or other sensitive data in the public cloud and reminds that the physical storage or place of procession of data in the public cloud in particular, e.g., outside of the European Economic Area or the Safe Harbor, substantially influence the possibility of compliance with the EU data protection regulations.
Read the whole text HERE.
Posted in News
Tagged cloud computing, cloud computing technologies, data classification, data protection, financial institutions in the cloud, HFSA, Hungarian Data Protection Agency, Márton Domokos, personal data, personal data protection, privacy, privacy in the cloud, the cloud, the right to privacy