Services in the Cloud. Let’s think about information ownership, for instance. This drastic surge was mainly driven by patent assertion entities (PAEs), which purchase patents (eg, from a bankrupt firm) and then sue other companies by claiming that one of their products or technologies infringes on the purchased patent. Such litigation is often the result of increased competition in emerging industries as new players enter the market. almost every major US internet or software company. - Tutti i diritti riservati. Technology 3. 25, «Bad forum shopping is a choice of jurisdiction of an available forum, which is not a natural forum, with the sole purpose and knowledge that the opponent is most likely to lose there». According to Oppenheim (2011), “ All EU member states have data protection laws that are broadly similar, as they are obliged to implement the EU Directive on data protection, but even in these cases, the laws aren’t identical” (p. 26). Risks arising from the use of cloud services in the context of legal proceedings Whilst the risk profile of using cloud services across the EU will likely change once the SLA guidelines and the EU Data Protection Regulation are adopted fully, businesses with exposure to litigation and regulatory investigations should be aware of the types of risks that are inherent when using cloud services. As Figure 4 illustrates, these companies include the largest cloud computing providers (eg, Amazon, Microsoft, IBM and Google), and companies with business models which rely heavily on cloud computing technologies (eg, Salesforce, Facebook and Cleversafe). understand and mitigate these risks to better leverage their cloud computing initiatives. Cloud computing has many legal and ethical issues that is preventing its adoption to world wide. Concluding with privacy-related issues, it is worth mentioning the principle that states that no data can be transferred outside the European Union without an adequate level of protection, according to article 45 of the GDPR[35]. Recalling that cloud computing services and products often operate using multiple systems and technologies, the data suggests that these services and products have an increased risk of litigation, since the patented cloud technologies at their core were once subject to legal action. The physical layer is the hardware necessary to support the cloud services (such as servers, wires, physical infrastructures and storage capacity)[11], while the abstraction layer is the algorithm (software) which allows the interaction between the physical components. Therefore, it is said that cloud computing is the future based technology which will replace all traditional data storage systems but still many professionals believe that it got so many risks which is greater than its benefits. In the case of the US, the cloud provider need to be indicated in the “Privacy shield list”[36] available on the official International Trade Administration of the U.S. Department of Commerce. Cliccando iscriviti confermi di sapere che le tue informazioni saranno trasferite a Mailchimp per essere processate. False Advertising; Unfair and Deceptive Practices. Email: [email protected] Depending on the nature of the service and its importa… Usiamo Mailchimp come piattaforma per gestire la nostra newsletter. The possible legal issues that arise when it comes to this technology are, indeed, related to almost every technical profile that characterize this technology. Even if public law is unfortunately of little use in giving answers, the hope is that regulators will find a way to ensure that these services are not only protected with civil law, but, since they’re becoming essentials to the society, they will be granted some sort of public-law safeguard. Dennis Garcia – Associate General Counsel, Microsoft Inc. Otherwise, as a general rule, the company can only store data in European data centers. Legal risk analysisWe analysed alleged infringers (ie, defendants) in cloud computing patent litigation in order to clarify the legal risks involved in using and integrating cloud technologies. Cloud technologies often provide the basic technological platform for server-based applications (eg, a retailer’s payment system or a bank’s accounting system). It is no secret that large corporations such as Microsoft and Amazon[1] for instance, have completely redefined their business around this highly-profitable technology. Recalling that cloud computing services and products often operate using multiple systems and technologies, the data suggests that these services and products have an increased risk of litigation, since the patented cloud technologies at their core were once subject to legal action. 112-117, [10] The concept of pay-per-use and pay-per-charge is mentioned in T. Mell – P. Grance, The NIST Definition of Cloud Computing, see supra note n. 5, [12] As it is pointed out by Hold, Millard, Walden, «These services may be viewed as a spectrum, from low-level functionality (IaaS) to high-level functionality (SaaS), with PaaS in the middle» in The Problem of ‘Personal Data’ in Cloud Computing. The governance of the cloud computing risk management program should consist of the cloud strategy, policies, procedures, and internal standards. In the EU, the Directive 2000/31/EC (E-Commerce directive) protects cloud providers with an exception for liability in case the cloud provider only engages in the activity of caching[38] data (thus, when it does not modify of have actual knowledge and control over the information). The parties need to consider carefully whether to accept a clause with a foreign jurisdiction for their cloud contracts (given that they have any sort of negotiation power), since claims and disputes are all but infrequent in the cloud industry. If it undoubtedly positive that cloud providers move and adapt nimbly in the thorny issues that this technology naturally brings with it, on the other hand, there is always the spectrum of the danger that leaving such open margins may lead to abuses that will eventually go in the opposite direction of innovation. Books Advanced Search Today's Deals New Releases Amazon Charts Best Sellers & More The Globe & Mail Best Sellers New York Times Best Sellers Advanced Search Today's Deals New Releases Amazon Charts Best Sellers & More Cheung – R.H. Weber, Privacy and legal issues in cloud computing, Celtenham and Northampton, MA, Elgar Law technology and society, 2015, [21] IDC Survey, 2008. View website CW500: The legal risks of migrating to the cloud. Customers are becoming more and more aware of privacy risks and are taking such concerns very seriously; on the other hand, companies do not want to be seen as “law avoiders” or bad actors, and tend to accommodate this higher-level of compliance[28], also as a differentiation strategy from smaller competitors (who can’t usually afford it). What is technically easy, however, could bring serious legal complications, and in the same way that the cloud environment is made by different layers of services (Software, Platform and Infrastructure as a service), it is also made by several layers of risks which include every thinkable area of the law. Multitenancy: which allows the service to be available – through virtualization and resource pooling – over a wide set of devices. [33] Pursuant to article 33 of the GDPR, «In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons». Security issues. If a data breach wasn’t bad enough, there is an even worse cloud security threat - it can … If we accept the validity of this theory, all the European privacy implication such as data anonymization, sharding of fragmentation data and encryption[27], will not apply to cloud providers that don’t have access to decryption keys. (e) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement […]». Cloud space litigationA recent study revealed that US patent litigation involving cloud technologies has increased by 700% over the past four years (for further information please see “Cloud computing patent litigation on the rise”). Tim Pohlmann [34] Article 34 of GDPR: «When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay». [35] According to article 45 of GDPR «A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Cloud minimizes the costs of transforming a concept from the ideal to the reality stage, making the implementation software easier than ever before. Another legal risk is related to the costs that the company might suffer as a consequence of data breach within the cloud. Separation Among Multiple Tenants Fails. In [2] the authors proposed, the constraint on the security risks and challenges of cloud computing and study the security requirements for cloud computing. Termination or suspension of service. We then analysed litigation where PAEs were plaintiffs. Economics: through which consumers use the service on-demand, and for the time strictly needed, Infrastructure as a Service (IaaS): this model provides servers (either physical or virtual), cloud-based storage as well as applications that the administrator will use to set up its service, Software as a Service (SaaS): means «the capability provided to the consumer […] to use the provider’s applications running on a cloud infrastructure», Platform as a Service (PaaS): it is a platform within which developers can build and deliver their applications. As Figure 2 illustrates, over 50% of defendants were multi-billion dollar companies. In the following section, the three service models that allows this optimal allocation will be explained, along with the legal issues that they naturally carry with them. However, the impression is that businesses are underestimating legal risks related to this technology, while they prefer to focus their attention more on business risks, which are typically short-term issues threatening profits and margins. It has become crucial for companies to reduce costs, improve network and storage security, and offer a wide range of services with relatively limited resources. Another – and last – delicate point, is related to the liability of the cloud provider for illegal content uploaded by their clients[37]. Financial. However, all this does not come for free, and the legal implications of this technology are delicate, numerous and often hidden in complexity. [39] Quoted in D.M. Using the words of Max Weber «the rationalization and systematization of the law in general and … the increasing calculability of the functioning of the legal process in particular, constituted one of the most important conditions for the existence of … capitalistic enterprise, which cannot do without legal security»[39]. In a presentation titled "Computing (strike that — Litigation) in the Cloud," Steven Teppler, senior counsel at KamberEdelson in New York, said cloud computing and services are a corporate counsel's nightmare. You should carry out a risk assessment process before any control is handed over to a service provider.. Scopri di più sulle privacy practice di Mailchimp cliccando qui. First, we identified litigation where no PAEs were involved. Despite cloud computing being around for quite a long time, legislators around the world – with few exceptions –  haven’t really made an effort to adapt regulations to fully reflect the complexity of this increasingly important technology. Cloud computing has the potential to revolutionize how we invent, develop, deploy, scale, update, maintain and pay for data and applications, as well as the infrastructure on which they run. [2] M. Valsania, Microsoft, ricavi oltre i 100 miliardi grazie al cloud, Il Sole 24 Ore, 20 July 2018, available at:, [4] Compared to the same trimester in 2017, [5] T. Mell – P. Grance, The NIST Definition of Cloud Computing, US Department of Commerce, 2012, [6] B. Halpert, Auditing Cloud Computing: A Security and Privacy Guide, John Wiley & Sons, 2011, p. 2, [9] See P. Kumar – R. Kumar, Optimal resource allocation approach in cloud computing environment, 2016 2nd International Conference on Next Generation Computing Technologies (NGCT), Dehradun, 2016, pp. Vendor 5. Five major risks are: 1.Data security and regulatory 2. Elasticity: defined as the ability to «scale rapidly outward and inward commensurate with demand». But it carries risks, both technical and legal. The results confirmed that cloud computing technologies are increasingly incorporated in products and services that are reliant on technologies which enable communication and processing in the Cloud. OutlookA growing number of applications and services integrate cloud computing technology. This course covers the sixth domain of the exam: Legal, Risk and Compliance. Patented cloud technologies are not only relevant for internet-based businesses, but are also increasingly used in retail and financial services. 144 Nuovo Codice Privacy – D.lgs 196/2003 aggiornato al D.lgs 101/2018. The ability to engage in Cloud Computing is not limited by the specific location of the remote server, although some of the factors noted above, including choice of law clauses, and concerns about access to data in the event of a service interruption or an emergency, may be implicated by the location of the storage server and the extent of backup service provided by the vendor. Cloud computing has been defined as the «model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources»[5]. A breach of your data or your client’s data can be devastating depending on the type of data and the extent of the breach. While PAEs tend to focus on specific technologies, their assertion strategies target multiple industries. So, through this article I will explain to you the legal risks involved in Windows 8 cloud computing. ... and the regulated entity’s expertise in and ability to effectively mitigate the security and legal risks prior to permitting hosting data in a jurisdiction outside of the United States. And also, does cloud generate a new kind of information property right? However, a highly optimized public cloud presents a variety of legal risks … An … Further, these companies were roughly the same size in terms of revenue. Scopri di più sulle privacy practice di Mailchimp cliccando qui. The information that the cloud provider receives and stores is beyond any doubt owned by the client, because it is generated outside the cloud. Legal Risks for Providers of “Cloud Computing” Services. [25] Pursuant to article 4 of the GDPR, personal data means «any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person». In fact, not only the company would have to declare the breach to the supervisory authority[33], but also to the data subject[34]. Bringing back the initial question, what are the legal issues that arise from cloud computing and its multiple-layer structure? Potrai cancellare la tua iscrizione in qualsiasi momento cliccando il link presente in calce a ogni nostra email. Defendants involved in multiple cloud-related patent litigation included: However, the defendants that were sued by PAEs included: The results confirmed that PAE litigation in the cloud space clearly targets industry leaders, and that a wide range of industries is involved in cloud computing patent litigation. But as with any new technology, cloud computing is posing new challenges to businesses and the public sector. Trubek, Max Weber on Law and the Rise of Capitalism, Yale Law School Legal Scholarship Depository, 1972, Avendo preso visione dell'informativa sulla Privacy di CyberLaws, presto il mio consenso ad essere contattato per la newsletter e altre iniziative di marketing di CyberLaws. If this is assumption is true – as I believe – then we would need more legal certainty to keep innovating and let the society benefit from new technologies. Data Loss. Staying on top of the ever-changing technology and tools available today can be daunting and give rise to complex legal issues and risks. In fact, if the data processed[24] by the cloud provider is “personal data”[25] and it is related to UE citizens, so the provider would need to be compliant with the new EU privacy regulation, even if its servers or its headquarters are located abroad, which is the case of most cloud providers (Amazon, Alphabet, Microsoft, IBM – all the largest providers are, indeed, located in the United States). © 2020 CyberLaws. . This poses some threats for its reputation as well as it exposes the company to civil liability that might arise because of the breach. We’ve discussed cloud computing risks at some length, so it’s helpful to remember whatis at risk. CommentThis research is an extract of an ongoing study around patent activities in the space of cloud computing. Cloud Computing Imposes Legal, Regulatory, and Business Risk Most companies operate under risk constraints. [24] Under article 4 of the GDPR, processing means «any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction». What Information is Regulated?, Queen Mary University of London, School of Law Legal Studies Research Paper, 2011, p. 8, [29] C. Reed, Information “Ownership” in the Cloud, Queen Mary University of London, Legal Studies Research Paper, 2010, p. 2. [32] Forum shopping does not have to be necessarily seen with a negative connotation. . Here are six key questions to consider before sailing off into the public cloud. Cloud computing is the top technology that is disrupting enterprise and consumer markets around the world, thanks to its ubiquity and widespread usage. «Big Law will finally start to go big in the cloud.» Any bank considering a move to cloud must first ensure that it is compliant, and is continually taking the necessary steps to comply, with the Banking Cloud Rules. The same applies to services interruption and a myriad of other examples concerning customers’ data. The costs of investigating and resolving a breach, associated legal expenses, and the losses to a company’s reputation, can be enough to shut its doors. Per ricevere una newsletter con frequenza mensile con le news tech del momento e i nostri articoli piu' recenti, lasciaci il tuo indirizzo email: Fai clic qui per condividere su LinkedIn (Si apre in una nuova finestra), Fai clic per condividere su WhatsApp (Si apre in una nuova finestra), Fai clic per condividere su Facebook (Si apre in una nuova finestra), Fai clic qui per condividere su Twitter (Si apre in una nuova finestra), Fai clic qui per stampare (Si apre in una nuova finestra), Art. @IAM_magazine Philips is betting on Indian courts in its campaign to sign up Chinese SEP licensees, two new cases show… Read more, @IAM_magazine RT @jacknwellis: BREAKING: Singapore grants world’s first regulatory approval for ‘lab-grown’ meat Read more, @IAM_magazine Conversant and Tesla agree licensing deal ending litigation between the pair Read more, @IAM_magazine A unitary EU SPC system may be on the cards, but there are hurdles to overcome: Read more, © Copyright 2003-2020 Law Business Research, Cloud computing patent litigation on the rise. The first part of this article will focus on describing the characteristics of this technology and the concept of optimal resource allocation. As reported in T. Dillion – C. Wu – E. Chang, Cloud Computing: Issues and Challenges, IEEE International Conference on Advanced Networking and Applications, 2010, p. 1. The analysis conducted by IPlytics intends to shed light on the potential legal risks for cloud technology users. IPlytics GmbH However, this is not the case in many other countries, where – especially in common law jurisdiction – the law might not be clear enough and a revirement from the highest courts is always around the corner. Alongside their target industry, each defendant’s annual revenue (fiscal year 2016) was considered. Cloud computing is a skyrocketing business. The cloud … Availability. This is made even more complex by geographical issues, since cloud services usually involve extra-territorial entities; this would make any form of transnational litigation prohibitively costly with the consequent likeliness for the client to be somehow forced to withdraw his claims. Starting off with data privacy, one of the first issues that we should bear in mind when thinking about cloud computing is related to the applicability of the European General Data Protection Regulation (GDPR)[23]. Cloud computing is a skyrocketing business. Our analysis revealed that plaintiffs and defendants were from the same industries and likely had competing products and services. On the one hand, it might be good for companies to be able to navigate the vacuum left by worldwide regulators comfortably, and at a fast pace. When it comes to information generated inside the cloud, however, the situation changes. In this sense, we have noticed that companies are more worried about the short-term business implications rather than legal issues. It is undiscussed that contract law does not usually cover all the aspect of a contract, and in cases like this – where such circumstance is not specified – the uncertainty might bring the parts to litigate upon the property of the mined data. Before considering cloud computing technology, it is important to understand the risks involved when moving your business into the cloud. This is a co-published article whose content has not been commissioned or written by the IAM editorial team, but which has been proofed and edited to run in accordance with the IAM style guide. Tel: +49 30 5557 4282. [26] K. Hon – C. Millard – I. Walden, The Problem of ‘Personal Data’ in Cloud Computing. Loss or theft of intellectual property. In similar cases, for instance in scenarios of loss of data, the company might suffer financial damage due to the compensation that would have to provide to the customer both for the actual loss as well as for the loss of profits as a consequence of the breach. In fact, in these events, it is not sure who owns such content, and if contract law does not provide a clear answer, we would find ourselves in a legal grey area open to interpretations and speculations. These are: The concept of “service layering” that applies to the various cloud services, in fact, could be either intended as the single layer of infrastructure/software/platform provided, or as the combination of more than one of the services (for instance, frequently, IaaS e SaaS or PaaS and SaaS). In a word, the Cloud Computing Data Center IT Asset Disposition (ITAD) Market report provides major statistics on the state of the Cloud Computing Data Center IT Asset Disposition (ITAD) industry with a valuable source of guidance and direction … In this course, learn about legal, risk, and compliance issues in the world of cloud computing as you prepare for the CCSP exam. As broadly written cloud-related patent claims may cover an unforeseeable range of solutions that run on the Cloud, companies which use cloud computing technologies face an unpredictable level of legal risk. Done well, cloud computing … No one would think that putting data in the cloud would be able to change its ownership status[31], that is – among others – protected under copyright law. Litigation, indeed, is another complex issue that might arise. In view of this, affirming that the legislation in which cloud computing operates is complex is probably an understatement. The correct applicability of the law in relation to any pathologic event that involves the contract (for instance for any breach), is certainly matter of civil law, that, however, lay itself open to strategic choices as for the forum choice[32] or for the choice of alternative dispute resolution mechanisms. Further, the increased litigation in retail and financial sectors indicates that cloud technology integration seems to have a significant impact on a company’s revenue, since PAEs are unlikely to target niche products. Legal issues have risen with the changing landscape of computing, especially when the service, data and infrastructure is not owned by the user. Prof. Clayton M. Christensen – Harvard Business School. The legal risks of cloud services Introduction. To identify the companies risking litigation for their cloud technologies, we identified the patent portfolios that cited US-litigated patents. As Figure 3 illustrates, an increasing number of cloud-related applications and services are being designed using patented cloud technology that was once subject to litigation. In the second part there will be an overview of the most relevant issues around cloud computing and its three service layers. Business customers need to be aware of the significant legal risks and implications associated with cloud computing. The risks related to the availability of a cloud service are less severe, but still damaging. «Every kid coming out of Harvard, every kid coming out of school now thinks he can be the next Mark Zuckerberg, and with these new technologies like cloud computing, he actually has a shot.» ORLANDO, Fla. — Cloud computing was a hot topic at this week's Storage Networking World show, but one attorney sounded a warning note about the rush to the cloud. It has become crucial for companies to reduce costs, improve... Optimal IT Resource management in cloud computing. Although definitions of cloud computing are commonly contested, most authors agree that the three following characteristics always apply to cloud computing technologies[6]: In this context, what has come to be referred as the “optimal resource allocation” or “optimal IT resource management” of this technology, is the fact that it allows the user to buy only the service that he actually needs, without requiring costly investments for the purchase of the infrastructure that would become – anyways – outdated, shortly after[9]. The most controversial case, for instance, happens in data mining cases where the cloud generates/finds new content. «A strategy is nothing but good intentions unless it’s effectively implemented». As for data property, if it is true that the «essence of cloud computing is that a customer entrusts its own digital information, together with that of third parties, to the cloud computing service provider»[29] (particularly true in case of IaaS and PaaS, where the cloud provider is nothing more than a “utility infrastructure service”[30]) so what happens to the ownership rights related to it? According to the IDC Enterprise Panel[21], in fact, the challenges and risks that are preventing businesses to adopt cloud computing are (in order of importance[22]) security issues, performances, availability, difficulty to integrate and customize with in-house IT and preoccupation of increasing costs. ORLANDO -- Enterprises that store data with cloud providers may no longer have physical control over it, but they're still on the hook legally for its protection and security. Imagining all this in a more delicate environment, for instance, in relation to services such as healthcare, public safety or the military, puts ease to see how this could impact a broader spectrum of subjects, and therefore, leaves a gigantic question mark on how citizens can expect some protection from these services to be always working. What Information is Regulated?, Queen Mary University of London, School of Law Legal Studies Research Paper, 2011, [13] Jamsa, Cloud computing, Jones & Bartlett Publishers, 2012, p. 6, [14] Defining IaaS, PaaS and SaaS, IBM, 2018, available at:, [18] K. Selden, Rethinking the Cloud: Legal Aspects of Cloud Solutions, University of Colorado, Technical Services Law Librarian, 2013, p. 34, [20] See A.S.Y. Australian Cloud providers have been given a boost following warnings from a legal expert on the risks associated with hosting data offshore. The Banking Cloud Rules also set out comprehensive guidelines which banks must follow in order to comply with the regulator’s requirements on the use of cloud computing and/or offshoring of data. The data also showed that for each litigated patent, PAEs target at least three major industry verticals. As it is pointed out by P. Paschalidis, Freedom of Establishment and Private International Law for Corporations, UOP Oxford, 2012, par. Obviously, a private cloud gives the organization greater control over the infrastructure and computational resources. Such a transfer shall not require any specific authorisation». Top Five Legal Issues For The Cloud Service levels. Companies increasingly store sensitive data in the cloud. This is due both to the different jurisdiction where it inevitably operates as well as because some regulatory requirements may vary from country to country. From data privacy[20] and data security to data property, copyright and IPRs, freedom of information, contractual issues (civil liability for stolen or lost data as well as services interruption), and even to VAT treatment of such services. T-Mobile consumers might assert various legal theories against T-Mobile for damages if their data are not fully restored, or if T-Mobile fails to act promptly and reasonably to mitigate damages to consumers. To capture this relationship, we searched for patents that had been cited by cloud-related patents and identified those that had been the subject of US litigation. Our research suggests that these patented cloud technologies are increasingly subject to litigation, often involving PAEs that sue multi-billion dollar corporations across all industries.