Email: [email protected] Mike Chapple demonstrates how to conduct risk assessments, articulate legal requirements, and understand the audit processes, methodologies, and adaptations required in a cloud environment. Financial. However, a highly optimized public cloud presents a variety of legal risks … If we accept the validity of this theory, all the European privacy implication such as data anonymization, sharding of fragmentation data and encryption[27], will not apply to cloud providers that don’t have access to decryption keys. OutlookA growing number of applications and services integrate cloud computing technology. T-Mobile consumers might assert various legal theories against T-Mobile for damages if their data are not fully restored, or if T-Mobile fails to act promptly and reasonably to mitigate damages to consumers. The risks related to the availability of a cloud service are less severe, but still damaging. The most controversial case, for instance, happens in data mining cases where the cloud generates/finds new content. Our analysis revealed that plaintiffs and defendants were from the same industries and likely had competing products and services. The results confirmed that cloud computing technologies are increasingly incorporated in products and services that are reliant on technologies which enable communication and processing in the Cloud. Cloud computing is growing in popularity and has become a solution for issues that have plagued organizations and overtaxed IT departments for years. In a word, the Cloud Computing Data Center IT Asset Disposition (ITAD) Market report provides major statistics on the state of the Cloud Computing Data Center IT Asset Disposition (ITAD) industry with a valuable source of guidance and direction … In [2] the authors proposed, the constraint on the security risks and challenges of cloud computing and study the security requirements for cloud computing. Legal risk analysisWe analysed alleged infringers (ie, defendants) in cloud computing patent litigation in order to clarify the legal risks involved in using and integrating cloud technologies. «Every kid coming out of Harvard, every kid coming out of school now thinks he can be the next Mark Zuckerberg, and with these new technologies like cloud computing, he actually has a shot.» Risks arising from the use of cloud services in the context of legal proceedings Whilst the risk profile of using cloud services across the EU will likely change once the SLA guidelines and the EU Data Protection Regulation are adopted fully, businesses with exposure to litigation and regulatory investigations should be aware of the types of risks that are inherent when using cloud services. ORLANDO, Fla. — Cloud computing was a hot topic at this week's Storage Networking World show, but one attorney sounded a warning note about the rush to the cloud. What is technically easy, however, could bring serious legal complications, and in the same way that the cloud environment is made by different layers of services (Software, Platform and Infrastructure as a service), it is also made by several layers of risks which include every thinkable area of the law. The parties need to consider carefully whether to accept a clause with a foreign jurisdiction for their cloud contracts (given that they have any sort of negotiation power), since claims and disputes are all but infrequent in the cloud industry. To identify the companies risking litigation for their cloud technologies, we identified the patent portfolios that cited US-litigated patents. Three different types of services comprise the cloud computing services generally known as the cloud “stack.” Understanding these various services may provide important context when evaluating the legal and business considerations implicated by the use of the cloud. As cloud computing applications are regularly integrated into complex cloud systems, companies must ensure that their cloud-based solutions are not inadvertently infringing patented inventions. In fact, in these events, it is not sure who owns such content, and if contract law does not provide a clear answer, we would find ourselves in a legal grey area open to interpretations and speculations. Cloud computing has the potential to revolutionize how we invent, develop, deploy, scale, update, maintain and pay for data and applications, as well as the infrastructure on which they run. This drastic surge was mainly driven by patent assertion entities (PAEs), which purchase patents (eg, from a bankrupt firm) and then sue other companies by claiming that one of their products or technologies infringes on the purchased patent. We then analysed litigation where PAEs were plaintiffs. Prof. Clayton M. Christensen – Harvard Business School. It has become crucial for companies to reduce costs, improve... Optimal IT Resource management in cloud computing. . If it undoubtedly positive that cloud providers move and adapt nimbly in the thorny issues that this technology naturally brings with it, on the other hand, there is always the spectrum of the danger that leaving such open margins may lead to abuses that will eventually go in the opposite direction of innovation. [33] Pursuant to article 33 of the GDPR, «In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons». Depending on the nature of the service and its importa… The information that the cloud provider receives and stores is beyond any doubt owned by the client, because it is generated outside the cloud. The correct applicability of the law in relation to any pathologic event that involves the contract (for instance for any breach), is certainly matter of civil law, that, however, lay itself open to strategic choices as for the forum choice[32] or for the choice of alternative dispute resolution mechanisms. CommentThis research is an extract of an ongoing study around patent activities in the space of cloud computing. These are: The concept of “service layering” that applies to the various cloud services, in fact, could be either intended as the single layer of infrastructure/software/platform provided, or as the combination of more than one of the services (for instance, frequently, IaaS e SaaS or PaaS and SaaS). While PAEs tend to focus on specific technologies, their assertion strategies target multiple industries. Patented cloud technologies are not only relevant for internet-based businesses, but are also increasingly used in retail and financial services. View website An … Starting off with data privacy, one of the first issues that we should bear in mind when thinking about cloud computing is related to the applicability of the European General Data Protection Regulation (GDPR)[23]. Elasticity: defined as the ability to «scale rapidly outward and inward commensurate with demand». Operational 4. Cloud computing is the top technology that is disrupting enterprise and consumer markets around the world, thanks to its ubiquity and widespread usage. Five major risks are: 1.Data security and regulatory 2. Customers are becoming more and more aware of privacy risks and are taking such concerns very seriously; on the other hand, companies do not want to be seen as “law avoiders” or bad actors, and tend to accommodate this higher-level of compliance[28], also as a differentiation strategy from smaller competitors (who can’t usually afford it). Economics: through which consumers use the service on-demand, and for the time strictly needed, Infrastructure as a Service (IaaS): this model provides servers (either physical or virtual), cloud-based storage as well as applications that the administrator will use to set up its service, Software as a Service (SaaS): means «the capability provided to the consumer […] to use the provider’s applications running on a cloud infrastructure», Platform as a Service (PaaS): it is a platform within which developers can build and deliver their applications. Cloud computing is a skyrocketing business. Australian Cloud providers have been given a boost following warnings from a legal expert on the risks associated with hosting data offshore. Litigation, indeed, is another complex issue that might arise. Another – and last – delicate point, is related to the liability of the cloud provider for illegal content uploaded by their clients[37]. Recalling that cloud computing services and products often operate using multiple systems and technologies, the data suggests that these services and products have an increased risk of litigation, since the patented cloud technologies at their core were once subject to legal action. Using the words of Max Weber «the rationalization and systematization of the law in general and … the increasing calculability of the functioning of the legal process in particular, constituted one of the most important conditions for the existence of … capitalistic enterprise, which cannot do without legal security»[39]. [38] According to article 13 of the E-commerce directive, «[…] Member States shall ensure that the service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information’s onward transmission to other recipients of the service upon their request, on condition that: (a) the provider does not modify the information; (b) the provider complies with conditions on access to the information; (c) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used by industry; (d) the provider does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and. . On the one hand, it might be good for companies to be able to navigate the vacuum left by worldwide regulators comfortably, and at a fast pace. Termination or suspension of service. Alongside their target industry, each defendant’s annual revenue (fiscal year 2016) was considered. Vendor 5. The Banking Cloud Rules also set out comprehensive guidelines which banks must follow in order to comply with the regulator’s requirements on the use of cloud computing and/or offshoring of data. In the second part there will be an overview of the most relevant issues around cloud computing and its three service layers. Cloud space litigationA recent study revealed that US patent litigation involving cloud technologies has increased by 700% over the past four years (for further information please see “Cloud computing patent litigation on the rise”). The ability to engage in Cloud Computing is not limited by the specific location of the remote server, although some of the factors noted above, including choice of law clauses, and concerns about access to data in the event of a service interruption or an emergency, may be implicated by the location of the storage server and the extent of backup service provided by the vendor. As Figure 4 illustrates, these companies include the largest cloud computing providers (eg, Amazon, Microsoft, IBM and Google), and companies with business models which rely heavily on cloud computing technologies (eg, Salesforce, Facebook and Cleversafe). In fact, if the data processed[24] by the cloud provider is “personal data”[25] and it is related to UE citizens, so the provider would need to be compliant with the new EU privacy regulation, even if its servers or its headquarters are located abroad, which is the case of most cloud providers (Amazon, Alphabet, Microsoft, IBM – all the largest providers are, indeed, located in the United States). Security issues. The three models described below are used to define the different types of services that usually go under the general name of “Cloud” computing[12]. Concluding with privacy-related issues, it is worth mentioning the principle that states that no data can be transferred outside the European Union without an adequate level of protection, according to article 45 of the GDPR[35]. «A strategy is nothing but good intentions unless it’s effectively implemented». Marc Andreessen – Netscape founder. As covered entities maintain and transmit more and more data electronically, cloud computing may become attractive and cost-effective. In view of this, affirming that the legislation in which cloud computing operates is complex is probably an understatement. Before considering cloud computing technology, it is important to understand the risks involved when moving your business into the cloud. [26] K. Hon – C. Millard – I. Walden, The Problem of ‘Personal Data’ in Cloud Computing. So, through this article I will explain to you the legal risks involved in Windows 8 cloud computing. Recalling that cloud computing services and products often operate using multiple systems and technologies, the data suggests that these services and products have an … As Figure 2 illustrates, over 50% of defendants were multi-billion dollar companies. 144 Nuovo Codice Privacy – D.lgs 196/2003 aggiornato al D.lgs 101/2018. Scopri di più sulle privacy practice di Mailchimp cliccando qui. The first part of this article will focus on describing the characteristics of this technology and the concept of optimal resource allocation. - Tutti i diritti riservati. Recalling that cloud computing services and products often operate using multiple systems and technologies, the data suggests that these services and products have an increased risk of litigation, since the patented cloud technologies at their core were once subject to legal action. Cloud Computing Imposes Legal, Regulatory, and Business Risk Most companies operate under risk constraints. As reported in T. Dillion – C. Wu – E. Chang, Cloud Computing: Issues and Challenges, IEEE International Conference on Advanced Networking and Applications, 2010, p. 1. Availability. Otherwise, as a general rule, the company can only store data in European data centers. Cliccando iscriviti confermi di sapere che le tue informazioni saranno trasferite a Mailchimp per essere processate. © 2020 CyberLaws. IPlytics GmbH Further, these companies were roughly the same size in terms of revenue. CW500: The legal risks of migrating to the cloud. Tim Pohlmann Legal issues have risen with the changing landscape of computing, especially when the service, data and infrastructure is not owned by the user. According to Oppenheim (2011), “ All EU member states have data protection laws that are broadly similar, as they are obliged to implement the EU Directive on data protection, but even in these cases, the laws aren’t identical” (p. 26). Further, the increased litigation in retail and financial sectors indicates that cloud technology integration seems to have a significant impact on a company’s revenue, since PAEs are unlikely to target niche products. To capture this relationship, we searched for patents that had been cited by cloud-related patents and identified those that had been the subject of US litigation. Business customers need to be aware of the significant legal risks and implications associated with cloud computing. Books Advanced Search Today's Deals New Releases Amazon Charts Best Sellers & More The Globe & Mail Best Sellers New York Times Best Sellers Advanced Search Today's Deals New Releases Amazon Charts Best Sellers & More Cloud companies usually provide one or more service layers to their clients; these services can contain both a physical as well as an abstraction layer. The analysis conducted by IPlytics intends to shed light on the potential legal risks for cloud technology users. However, the impression is that businesses are underestimating legal risks related to this technology, while they prefer to focus their attention more on business risks, which are typically short-term issues threatening profits and margins. understand and mitigate these risks to better leverage their cloud computing initiatives. Such a transfer shall not require any specific authorisation». According to the IDC Enterprise Panel[21], in fact, the challenges and risks that are preventing businesses to adopt cloud computing are (in order of importance[22]) security issues, performances, availability, difficulty to integrate and customize with in-house IT and preoccupation of increasing costs. Done well, cloud computing … Another legal risk is related to the costs that the company might suffer as a consequence of data breach within the cloud. It has become crucial for companies to reduce costs, improve network and storage security, and offer a wide range of services with relatively limited resources. However, this is not the case in many other countries, where – especially in common law jurisdiction – the law might not be clear enough and a revirement from the highest courts is always around the corner. When it comes to information generated inside the cloud, however, the situation changes. Services in the Cloud. Exploitation of system and software vulnerabilities within … Technology 3. Our research suggests that these patented cloud technologies are increasingly subject to litigation, often involving PAEs that sue multi-billion dollar corporations across all industries. As it is pointed out by P. Paschalidis, Freedom of Establishment and Private International Law for Corporations, UOP Oxford, 2012, par. You should carry out a risk assessment process before any control is handed over to a service provider.. This is a co-published article whose content has not been commissioned or written by the IAM editorial team, but which has been proofed and edited to run in accordance with the IAM style guide. Security risks of cloud computing have become the top concern in 2018 as 77% of … Trubek, Max Weber on Law and the Rise of Capitalism, Yale Law School Legal Scholarship Depository, 1972, Avendo preso visione dell'informativa sulla Privacy di CyberLaws, presto il mio consenso ad essere contattato per la newsletter e altre iniziative di marketing di CyberLaws. This poses some threats for its reputation as well as it exposes the company to civil liability that might arise because of the breach. Cloud technologies often provide the basic technological platform for server-based applications (eg, a retailer’s payment system or a bank’s accounting system). 112-117, [10] The concept of pay-per-use and pay-per-charge is mentioned in T. Mell – P. Grance, The NIST Definition of Cloud Computing, see supra note n. 5, [12] As it is pointed out by Hold, Millard, Walden, «These services may be viewed as a spectrum, from low-level functionality (IaaS) to high-level functionality (SaaS), with PaaS in the middle» in The Problem of ‘Personal Data’ in Cloud Computing. What Information is Regulated?, Queen Mary University of London, School of Law Legal Studies Research Paper, 2011, [13] Jamsa, Cloud computing, Jones & Bartlett Publishers, 2012, p. 6, [14] Defining IaaS, PaaS and SaaS, IBM, 2018, available at: https://www.ibm.com/cloud/learn/iaas-paas-saas, [18] K. Selden, Rethinking the Cloud: Legal Aspects of Cloud Solutions, University of Colorado, Technical Services Law Librarian, 2013, p. 34, [20] See A.S.Y. Separation Among Multiple Tenants Fails. Despite cloud computing being around for quite a long time, legislators around the world – with few exceptions –  haven’t really made an effort to adapt regulations to fully reflect the complexity of this increasingly important technology. Obviously, a private cloud gives the organization greater control over the infrastructure and computational resources. As Figure 1 illustrates, the defendants in this type of cloud computing patent litigation originated from various industries and targeted the financial, internet and retail sectors. As broadly written cloud-related patent claims may cover an unforeseeable range of solutions that run on the Cloud, companies which use cloud computing technologies face an unpredictable level of legal risk. Dennis Garcia – Associate General Counsel, Microsoft Inc. In this sense, we have noticed that companies are more worried about the short-term business implications rather than legal issues. The costs of investigating and resolving a breach, associated legal expenses, and the losses to a company’s reputation, can be enough to shut its doors. In a presentation titled "Computing (strike that — Litigation) in the Cloud," Steven Teppler, senior counsel at KamberEdelson in New York, said cloud computing and services are a corporate counsel's nightmare. However, all this does not come for free, and the legal implications of this technology are delicate, numerous and often hidden in complexity. Defendants involved in multiple cloud-related patent litigation included: However, the defendants that were sued by PAEs included: The results confirmed that PAE litigation in the cloud space clearly targets industry leaders, and that a wide range of industries is involved in cloud computing patent litigation. Many such services face the risk of misuse of the service by placing inappropriate or illegal data in the cloud. https://www.innovativearchitects.com/.../cloud-computing-risks.aspx Cloud minimizes the costs of transforming a concept from the ideal to the reality stage, making the implementation software easier than ever before. The cloud … Top Five Legal Issues For The Cloud Service levels. In the EU, the Directive 2000/31/EC (E-Commerce directive) protects cloud providers with an exception for liability in case the cloud provider only engages in the activity of caching[38] data (thus, when it does not modify of have actual knowledge and control over the information). Although definitions of cloud computing are commonly contested, most authors agree that the three following characteristics always apply to cloud computing technologies[6]: In this context, what has come to be referred as the “optimal resource allocation” or “optimal IT resource management” of this technology, is the fact that it allows the user to buy only the service that he actually needs, without requiring costly investments for the purchase of the infrastructure that would become – anyways – outdated, shortly after[9]. Commentators believe that «data encrypted and secured to recognized standards should not be considered ‘personal data’ in the hands of those without access to the decryption key»[26] since they offer nothing else than “utility infrastructure services”. The data also showed that for each litigated patent, PAEs target at least three major industry verticals. Moreover, it is part of the ideal “optimally managed” scenario the fact that the cloud provider bears all the costs of set-up, maintenance, updates, security, management and also – and most importantly – all the energy costs necessary to run the infrastructure, while the client will be only charged under a pay-per-use or charge-per-use criteria[10] at a small fraction of them. almost every major US internet or software company. In the case of the US, the cloud provider need to be indicated in the “Privacy shield list”[36] available on the official International Trade Administration of the U.S. Department of Commerce. @IAM_magazine Philips is betting on Indian courts in its campaign to sign up Chinese SEP licensees, two new cases show… https://t.co/YIKE9Fcy9L Read more, @IAM_magazine RT @jacknwellis: BREAKING: Singapore grants world’s first regulatory approval for ‘lab-grown’ meat https://t.co/OrThAWBP9F Read more, @IAM_magazine Conversant and Tesla agree licensing deal ending litigation between the pair https://t.co/XVhHRVkKHj https://t.co/2d6TfHRuPI Read more, @IAM_magazine A unitary EU SPC system may be on the cards, but there are hurdles to overcome: https://t.co/0tOPpxN0bP https://t.co/jyKfMqfoDn Read more, © Copyright 2003-2020 Law Business Research, Cloud computing patent litigation on the rise. Loss or theft of intellectual property. From data privacy[20] and data security to data property, copyright and IPRs, freedom of information, contractual issues (civil liability for stolen or lost data as well as services interruption), and even to VAT treatment of such services. In this course, learn about legal, risk, and compliance issues in the world of cloud computing as you prepare for the CCSP exam. Cloud computing has been defined as the «model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources»[5]. Bringing back the initial question, what are the legal issues that arise from cloud computing and its multiple-layer structure? Cloud computing is a skyrocketing business. Even if public law is unfortunately of little use in giving answers, the hope is that regulators will find a way to ensure that these services are not only protected with civil law, but, since they’re becoming essentials to the society, they will be granted some sort of public-law safeguard. Nevertheless, a company’s cloud-based applications or services may still relate to those early patents. No one would think that putting data in the cloud would be able to change its ownership status[31], that is – among others – protected under copyright law. [35] According to article 45 of GDPR «A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. [34] Article 34 of GDPR: «When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay». If a data breach wasn’t bad enough, there is an even worse cloud security threat - it can … In similar cases, for instance in scenarios of loss of data, the company might suffer financial damage due to the compensation that would have to provide to the customer both for the actual loss as well as for the loss of profits as a consequence of the breach. Staying on top of the ever-changing technology and tools available today can be daunting and give rise to complex legal issues and risks. Many of these cloud server technologies were developed and patented several years before cloud computing was widely adapted for multiple industries. As for data property, if it is true that the «essence of cloud computing is that a customer entrusts its own digital information, together with that of third parties, to the cloud computing service provider»[29] (particularly true in case of IaaS and PaaS, where the cloud provider is nothing more than a “utility infrastructure service”[30]) so what happens to the ownership rights related to it? Imagining all this in a more delicate environment, for instance, in relation to services such as healthcare, public safety or the military, puts ease to see how this could impact a broader spectrum of subjects, and therefore, leaves a gigantic question mark on how citizens can expect some protection from these services to be always working. As Figure 3 illustrates, an increasing number of cloud-related applications and services are being designed using patented cloud technology that was once subject to litigation. Any bank considering a move to cloud must first ensure that it is compliant, and is continually taking the necessary steps to comply, with the Banking Cloud Rules. Per ricevere una newsletter con frequenza mensile con le news tech del momento e i nostri articoli piu' recenti, lasciaci il tuo indirizzo email: Fai clic qui per condividere su LinkedIn (Si apre in una nuova finestra), Fai clic per condividere su WhatsApp (Si apre in una nuova finestra), Fai clic per condividere su Facebook (Si apre in una nuova finestra), Fai clic qui per condividere su Twitter (Si apre in una nuova finestra), Fai clic qui per stampare (Si apre in una nuova finestra), Art. The physical layer is the hardware necessary to support the cloud services (such as servers, wires, physical infrastructures and storage capacity)[11], while the abstraction layer is the algorithm (software) which allows the interaction between the physical components. Such litigation is often the result of increased competition in emerging industries as new players enter the market. Potrai cancellare la tua iscrizione in qualsiasi momento cliccando il link presente in calce a ogni nostra email. Service Disruption: This can be attributed to any fault in the internet connection as all … [25] Pursuant to article 4 of the GDPR, personal data means «any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person». In fact, the number of cloud managed service providers is predicted to triple by 2020.While executives are keen to expand into cloud services and make them an integral part of their digital business initiatives, there are concerns. But as with any new technology, cloud computing is posing new challenges to businesses and the public sector. We’ve discussed cloud computing risks at some length, so it’s helpful to remember whatis at risk. Scopri di più sulle privacy practice di Mailchimp cliccando qui. ORLANDO -- Enterprises that store data with cloud providers may no longer have physical control over it, but they're still on the hook legally for its protection and security. If this is assumption is true – as I believe – then we would need more legal certainty to keep innovating and let the society benefit from new technologies. The legal risks of cloud services Introduction. It is undiscussed that contract law does not usually cover all the aspect of a contract, and in cases like this – where such circumstance is not specified – the uncertainty might bring the parts to litigate upon the property of the mined data. Therefore, it is said that cloud computing is the future based technology which will replace all traditional data storage systems but still many professionals believe that it got so many risks which is greater than its benefits. Moreover, this is a choice drive by the fact that companies know very well that the provider’s client can hold personal data relating to its customers on the cloud, and therefore, the client will be likely to require a higher privacy standard and guarantees before entering into any negotiation. ... and the regulated entity’s expertise in and ability to effectively mitigate the security and legal risks prior to permitting hosting data in a jurisdiction outside of the United States. False Advertising; Unfair and Deceptive Practices. Let’s think about information ownership, for instance. Here are six key questions to consider before sailing off into the public cloud. Cheung – R.H. Weber, Privacy and legal issues in cloud computing, Celtenham and Northampton, MA, Elgar Law technology and society, 2015, [21] IDC Survey, 2008. This course covers the sixth domain of the exam: Legal, Risk and Compliance. Adopting this view could definitely bring an advantage to large companies, particularly to those that offer services such as IaaS or PaaS. And also, does cloud generate a new kind of information property right? This is due both to the different jurisdiction where it inevitably operates as well as because some regulatory requirements may vary from country to country. What Information is Regulated?, Queen Mary University of London, School of Law Legal Studies Research Paper, 2011, p. 8, [29] C. Reed, Information “Ownership” in the Cloud, Queen Mary University of London, Legal Studies Research Paper, 2010, p. 2. But it carries risks, both technical and legal. (e) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement […]». Companies increasingly store sensitive data in the cloud. On this matter, see also the Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties and the free movement of such data n. 12555/15, available at: http://data.consilium.europa.eu/doc/document/ST-12555-2015-INIT/en/pdf, [36] A full list of companies is available at: https://www.privacyshield.gov/list, [37] P. Van Eeche, Cloud Computing Legal issues, DLA Piper, 2014. [24] Under article 4 of the GDPR, processing means «any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction». [32] Forum shopping does not have to be necessarily seen with a negative connotation. 25, «Bad forum shopping is a choice of jurisdiction of an available forum, which is not a natural forum, with the sole purpose and knowledge that the opponent is most likely to lose there». The governance of the cloud computing risk management program should consist of the cloud strategy, policies, procedures, and internal standards. «Big Law will finally start to go big in the cloud.» Moreover, is it proven that the larger the company, the more likely will be to comply with the highest level of privacy required by law anyways, with no stretch. Usiamo Mailchimp come piattaforma per gestire la nostra newsletter. In fact, not only the company would have to declare the breach to the supervisory authority[33], but also to the data subject[34]. The possible legal issues that arise when it comes to this technology are, indeed, related to almost every technical profile that characterize this technology. [39] Quoted in D.M. In the following section, the three service models that allows this optimal allocation will be explained, along with the legal issues that they naturally carry with them. Cloud computing has many legal and ethical issues that is preventing its adoption to world wide. First, we identified litigation where no PAEs were involved. Legal Risks for Providers of “Cloud Computing” Services. It is no secret that large corporations such as Microsoft and Amazon[1] for instance, have completely redefined their business around this highly-profitable technology. A breach of your data or your client’s data can be devastating depending on the type of data and the extent of the breach. All of them are far to be legal issues, but are rather only business-driven concerns. [2] M. Valsania, Microsoft, ricavi oltre i 100 miliardi grazie al cloud, Il Sole 24 Ore, 20 July 2018, available at: http://www.ilsole24ore.com/art/finanza-e-mercati/2018-07-20/microsoft-bilancio-alto-grazie-cloud-ricavi-oltre-100-miliardi-072229.shtml?uuid=AED0rkPF, [4] Compared to the same trimester in 2017, [5] T. Mell – P. Grance, The NIST Definition of Cloud Computing, US Department of Commerce, 2012, [6] B. Halpert, Auditing Cloud Computing: A Security and Privacy Guide, John Wiley & Sons, 2011, p. 2, [9] See P. Kumar – R. Kumar, Optimal resource allocation approach in cloud computing environment, 2016 2nd International Conference on Next Generation Computing Technologies (NGCT), Dehradun, 2016, pp. Data Loss. State-of-the-art cloud technologies, as well as core cloud server technologies that were developed several years ago, are highly patented. Multitenancy: which allows the service to be available – through virtualization and resource pooling – over a wide set of devices. For SaaS services, however, excluding the applicability of the GDPR without sufficient grounds, could turn into a delicate and possibly dangerous decision – not only for the possible fines that go up to €20 million or 4% of the worldwide annual revenue (whichever is higher), but also for the reputation of the company. Tel: +49 30 5557 4282. The same applies to services interruption and a myriad of other examples concerning customers’ data. This is made even more complex by geographical issues, since cloud services usually involve extra-territorial entities; this would make any form of transnational litigation prohibitively costly with the consequent likeliness for the client to be somehow forced to withdraw his claims.