Cloud Computing: An Update on Legal Issues

Just because your business is in the cloud doesn’t mean your head needs to be there, too.

For your reference, here’s a roundup of recent advisories and alerts touching upon the myriad legal issues that have emerged for businesses with the rise of cloud computing.

Jurisdictional issues, security, privacy, the Patriot Act, and other international legal considerations – you should know:

Cloud Computing: Understanding Security and Jurisdictional Issues (Skadden Arps):

“Companies … need to consider the jurisdictional issues presented by cloud computing. Unless the company uses a private cloud solution in which it can specify where its data is to be stored, companies should expect that their data may be stored in countries where they currently do not do business. As a result, potential cloud customers often question whether using cloud computing will mean that they are “doing business” for jurisdictional purposes in all countries where their data is being stored. To date, no court has addressed this issue, and it would seem difficult to find that a company is doing business in a jurisdiction simply because a third-party vendor is storing its data in that country…” Read on>>

Latest Trends in Cloud Computing in China (Dechert LLP):

“Censorship is and will likely remain a major stumbling block for the development of internet services in China, including cloud computing. For example, Google Docs, a well-known cloud-based program, is from time to time totally inaccessible in China. Technically, cloud services supported by servers outside China can (and do) work in China, but the risk of being blacklisted can create major continuity issues for the business. Censorship is based on a complex interpretation of a variety of laws that can lead to unpredictable blocking and potential service interruptions. One of these screening processes is known as the Great Firewall (GFW)…” Read on>>

Cloud Computing and the USA Patriot Act: Canadian Implications (Fraser Milner Casgrain LLP):

“Organizations have a privacy “problem” every time they transfer data. This is because under Canadian federal and provincial private sector privacy laws, the organization that collected and is entitled to use the personal information remains responsible for its security throughout its life-cycle. Indeed, in many cases organizations will have created a contractual obligation with individuals by incorporating the organization’s privacy policy (and privacy commitments) into terms of service or use or other customer e-commerce contracts…” Read on>>

International Cloud Computing Guide Should Become ‘Minimum Benchmark’ (Asta Puraite):

“The International Working Group on Data Protection in Telecommunications issued -on 24 April 2012 – a ‘Working Paper on Cloud Computing – Privacy and data protection issues’, which specifically examines the processing of personal data in cloud computing environments. ‘There is still uncertainty in relation to cloud computing, especially when it concerns privacy, data protection and other legal issues’, reads the Guide. ‘The recommendations in this paper are intended to help reduce that uncertainty’. In particular, the Guide recommends implementing data protection standards within the cloud, privacy impact and risk assessments, greater transparency, security, accountability and independent audit provisions…” Read on>>

The Cloud: What Goes Up Must Come Down (Field Law):

“What goes up must come down. Servers crash. Companies go bankrupt. When a cloud service provider fails or the technology falters, what happens to the servers that house the data? Think of where your cloud-based data is hosted… and then try to imagine what it would take to get that data back. In these cases, questions of jurisdiction and bankruptcy law quickly come to the fore…” Read on>>

Know the Risks Before You Head to the Cloud: A Primer on Cloud Computing Legal Risks and Issues for Nonprofits (Venable LLP):

“Cloud offerings utlilized by nonprofits tend to come in three flavors. Infrastructure as a Service (IaaS) offerings deliver information technology infrastructure assets, such as additional computing power or storage. Platform as a Service (PaaS) offerings provide a computing platform with capabilities, such as database management, security, and workflow management, to enable end users to develop and execute their own applications. And, Software as a Service (SaaS) offerings provide software applications on a remotely accessible basis. SaaS offerings are probably the most commonly understood type of “cloud” solution” Read on>>

Also see these excellent primers from the JD Supra archives:


Stay in touch: additional Tech Law updates on JD Supra>>