Barry Sookman
  • Bio & expertise
    • Bio
    • Technology & Internet Lawyer
    • Copyright and Intellectual Property Lawyer and Litigator
    • Privacy & CASL
    • Government Relations
    • Rankings
  • Books & Articles
  • Speeches & Media
  • Terms
    • Privacy Policy
This site is about technology, copyright, and privacy Law
Barry Sookman
Barry Sookman
  • Bio & expertise
    • Bio
    • Technology & Internet Lawyer
    • Copyright and Intellectual Property Lawyer and Litigator
    • Privacy & CASL
    • Government Relations
    • Rankings
  • Books & Articles
  • Speeches & Media
  • Terms
    • Privacy Policy
Subscribe
  • data protection
  • Privacy

Contracting for a cloud computing deal?

  • May 23, 2012
  • Barry Sookman
Total
0
Shares
0
0
0

Cloud computing is on the mind of many CIO’s these days. Its also on the mind of lawyers. Lawyers know contracting for cloud services can be difficult given the potential risks associated with these services. For regulated entities like Canadian financial institutions, a material public cloud transaction also poses serious OSFI compliance challenges. The standard form contracts of many cloud providers also contributes to the difficulties. For a survey of these terms, see Simon Bradshaw et al Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services.

Many cloud providers will negotiate changes to their standard terms. Their flexibility depends, in part, on the size and importance of the transaction. According to a recent EU study by W Kwon Hon et al of Queen Mary School of Law Negotiating Cloud Contracts – Looking at Clouds from Both Sides Now, the outcome of a negotiation is “dependent on the size of the organization and the influence it can exert.” Even in these circumstances, however, there are significant divergences between the needs of organizations and the standard practices of cloud providers. PWC identified some of the gaps from a survey of cloud providers in Germany in its paper Cloud Computing: Navigating the Cloud. Not surprisingly, according to the Queen Mary study some of the major issues are

1.  exclusion or limitation of liability and remedies, particularly regarding data integrity and disaster recovery;
2.  service levels, including availability;
3.  security and privacy, particularly regulatory issues under the EU Data  Protection Directive (‘DPD’);
4.  lock-in and exit, including term, termination rights and return of data on exit;
5.  providers’ ability to change service features unilaterally and
6.  intellectual property rights (‘IPRs’).

The security and privacy challenges are generally at the forefront of the issues that have to be resolved. The US National Institute of Standards and Technology (NIST) recently published Guidelines on Security and Privacy in Public Cloud Computing to help organisations work through these issues. It is a must read for lawyers doing cloud computing deals.

The International Working Group on Data Protection in Telecommunication also recently published a Working Paper on Cloud-Computing – Privacy and data protection issues that canvasses data protection issues from an EU perspective. The Canadian Office of the Privacy Commissioner also released a Report on the 2010 OPC’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing which described some of the privacy issues implicated in cloud computing.

Governments around the world are also now helping make contracting for cloud transactions easier by publishing standards and best contracting practice guidelines. For example, in February the Australian Government published a Practice Guide called Negotiating the cloud – legal issues in cloud computing agreements. The National Standards Authority of Ireland in partnership with the Irish Internet Association (IIA), also just launched a new standard, entitled, “SWiFT 10: Adopting the Cloud – decision support for cloud computing“.

If you are thinking about doing a public, community, or hybrid cloud deal, you may want to keep NIST’s warning in mind:

Reaching agreement on the terms of service of a negotiated service agreement for public cloud services can be a complicated process fraught with technical and legal issues. If a negotiated service agreement is used, a legal advisor should be involved from the onset to address complicated legal issues that are likely to arise during negotiations.

Related

Total
0
Shares
0
0
0
0
Related Topics
  • B-10 Outsourcing Guideline
  • barry sookman
  • cloud computing
  • data protection
  • legal issues
  • limits of liability
  • OSFI
  • Privacy

Subscribe

Subscribe now to our newsletter

You May Also Like
Minister Champagne and AIDA
View Post
  • AI Regulation
  • AIDA
  • artificial inteliigence
  • CPPA

Government proposals to amend CPPA and AIDA: the good, the bad, and the challenges ahead Part 1

  • Barry Sookman
  • October 15, 2023
Google search engines and privacy
View Post
  • AI Regulation
  • artificial inteliigence
  • Charter of Rights
  • CPPA
  • PIPEDA
  • Privacy

Legality of search engines and AI systems under PIPEDA and CPPA: Google v Privacy Commissioner

  • Barry Sookman
  • October 8, 2023
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • Privacy

CPPA: problems and criticisms – automated decision making

  • Barry Sookman
  • December 18, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • PIPEDA
  • Privacy

CPPA: problems and criticisms – anonymization and pseudonymization of personal information

  • Barry Sookman
  • December 5, 2022

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe

Subscribe now to our newsletter

Barry Sookman
This site is about technology, copyright, and privacy Law

Input your search keywords and press Enter.

We may be using cookies to give you the best experience on our website.

 

Barry Sookman
Powered by  GDPR Cookie Compliance
Privacy Overview

This website may use cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.