Skip to main content

Legal Issues Surrounding Cloud Computing

With the explosive growth of innovations in the Information Technology industry, the Legal provisions are currently lagging behind and desperately looking for ways to cope up with the never-seen-before advancements. Cloud computing, being one of such recent advancements, have raised a number of legal issues including privacy and data security, contracting issues, issues relating to the location of the data, and business considerations.

The abovementioned issues are the primary ones faced by almost all the nations across the globe. However, when it comes to the Indian scenario, a number of additional complicated issues are faced by India owing to lack of awareness and lack of resources. With the ‘Digital India’ initiative in the news, it is obvious that more and more individuals and organisations will be using online services and infrastructure via the Cloud in the near future; and it is therefore necessary to analyse our position thereon and discuss whether our legal system is ready for such a revolutionary change.

The legal issues that frequently arise in the cloud are wide-ranging. However, attempting a broad generalisation, mainly four types of issues arise therein:
  1. Privacy of data and data security
  2. Issues relating to contractual relation between the cloud service provider and the customer
  3. Complex jurisdictional issues, or issues relating to the location of the data and the set of laws applicable
  4. Commercial as well as business considerations

At the outset, it may very well be clarified that though cloud computing enables the customer access to computing, networking, storage resources just like traditional outsourcing services and Application Service Providers (ASPs), it has a legal nature quite different from these two owing to its distinctive features like ‘on-demand access’, and ‘unit-based pricing’ (pay-per-use).



Privacy and data security issues:
Seemingly, the main privacy/data security issue relating to the cloud is ‘data breach’. Data breach may be in the generic sense defined as the loss of unencrypted electronically stored personal information (Buyya, Broberg, & Goscinski, 2015). A data breach can cause loss to both the provider as well as the customer in numerous ways; with identity theft and chances of debit/credit card fraud to the customer, and financial harm, loss of customer, loss of reputation, potential lawsuits et cetera for the provider.
The American law requires data breach notification to be issued of affected persons in such case of a data breach. Almost all the states in the United States now require notification of affected persons upon the occurrence of a data breach.
Talking about the Indian scenario, most of the providers are seen to attempt at lessening their risk liability in case of a data breach scenario. However, as more sensitive information is entering the cloud every passing day, businesses and corporations have started negotiating the contracts so as to insert terms that expand the contractual obligations of the providers.
Problem arises when the data is subject to more than one jurisdictions, and the jurisdictions have different laws regarding data privacy. For example, the European Union Data Privacy Directive clearly states that ‘Data cannot leave the EU unless it goes to a country that ensures an “adequate level of protection”.’ Now, although such statement makes the EU provisions easily enforceable, but it restricts the data movement thereby reducing the data efficiency.
Contracting Issues:
Clearly, licensing agreements are fundamentally different from Service agreements. Cloud essentially, in all its permutations (IaaS, PaaS, SaaS), is a service, and therefore is governed by a Service agreement instead of a Licensing agreement.
However, the main issue regarding the Cloud Service agreements is ‘contract of adhesion’. Owing to the limited expansion of Cloud Services in India, most of the time the ‘Click-wrap agreement’ model is used, causing the contract to be one of the contract of adhesion. It leaves no or little scope for negotiation on the part of the user/customer.
With the expansion of the Cloud computing, gradually the negotiation power of the large corporation will cause the Cloud Contracts to be standard and negotiated ones. However, at an individual level, this is still a far destination.
Legal provisions clearly cannot force the cloud providers to have a negotiating session with each and every customer. However, legal provisions may be made to ensure that the liability and risk responsibility clauses follow a standard pattern which compensates the user for the lack of negotiation during the formation of the contract.
Jurisdictional Issues:
Jurisdiction is the authority of a court to judge acts committed in a certain territory. Jurisdiction in case of legal issues relating to the Cloud services becomes difficult and critical because of the features of Cloud like ‘Virtualization’, and ‘Multi-tenancy’.
While virtualization ensures the requirement of less hardware and consumption of less power thereby ensuring computing efficiency, it also on the other hand makes it difficult for the cloud user or the cloud provider to know what information is housed on various machines at any given time.
Multi-tenancy refers to the ability of a cloud provider to deliver services to many individuals or organisations from a single shared software. The risk with this is that it makes it highly possible that the data of one user may be accessed in an unauthorised manner by another user since the data of various users are only virtually separated and not physically. Also, it makes it difficult to back up and restore data.
The cloud enables a great deal of flexibility in data location, which ensures maximum efficiency in data usage and accessibility. However, it creates a number of legal issues as well. It makes it quite possible a scenario that the same data may be stored in multiple locations at a given time. Now, if the multiple locations are subject to different jurisdiction and different legal system, there arises a possibility that there may be conflicting legal provisions regarding data in the two aforementioned different locations. This gives rise to most of the jurisdictional issues in Cloud computing.
Also, laws relating to confidentiality and Government access to data are different across different nations. While the Indian laws manage to strike a balance between national security and individual privacy, most of the nations do not prefer a balance and have adopted a biased view on this. Problem of conflict of laws arises herein, in such cases.
Commercial and Business Considerations:
Other commercial and business considerations like the urge to minimize risk, maintain data integrity, accessibility and availability of data as well as Service level Agreements have also significantly shaped the present as well as future of Cloud Computing in India. It also creates a number of foreseeable as well as unforeseeable issues that needs to be addressed by dedicated legislations therefor.

It is an accepted truth that Law always lags behind technical innovations, and the complexities of the Cloud innovations and related Cloud Services like Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) will force the law and legislations to catch up in order for an effective legal system that provides legal remedies to prevent and redress the resultant harms.
Raising awareness, ensuring universal access to information, and resource mobilizing are complimentary solutions that’ll never go wrong for the Indian scenario in order to add to the effectiveness of an effective legal system.

Popular posts

Citing Legal Materials Using Bluebook - A Short Guide

©Anshuman Sahoo 2017. 
Free for mass distribution till the source is properly mentioned.



So, you collected the relevant materials for your research, went through them carefully, and evaluated the available materials. Now, what remains is to carefully dot down your arguments in your own words while supporting those arguments and ideas by citing relevant materials in the footnotes. It is necessary to cite relevant legal material that you have referred to because it reflects your research and in-depth study that you have undertaken to write that paper. Apart from that, while quoting the work of someone else, citation is necessary to avoid possible allegations of plagiarism. However, while citing the materials in the footnotes section, you cannot cite them as per your wish. For example, while citing page no. 99 of ‘The Start-up of You’ book written by Reid Hoffman, you cannot cite it as ‘page 99, The Start-up of You, Reid Hoffmann’ just because that seems convenient. There is a standard metho…

On Indianness: #Throwback to a long-forgotten tradition

“आनोभद्राःक्रतवोयन्तुविश्वतः” – Rig Veda(Let noble thoughts come to me from all directions.)
(In honour of the 5000-year old culture that taught me to de-contextualise and de-personalise every piece of wisdom.)The India that we get to see today came into being only in 1947, and later.
Prior to that, the whole landmass that we refer to as India was never a part of a single empire, never had a uniform governance, evidently had a high-degree of socio-cultural as well as geographical diversity, and seemingly had no single feature which can be found to be common across the subcontinent. And yet, not only the outer world recognised this whole landmass as one, but the people inside somewhere had this feeling that they’re one – they belong to one!
Interesting, but how?
The whole subcontinent, throughout its history, no matter how diverse it was in its socio-cultural and political affairs, has always had a common essence – a common signature trait that was rare in other contemporary civilisations…

A journey called Law School: Few words for the newcomers

Law school has its own ways to teach us the needed, regardless of our consent or interest thereto! However, gradually, through the ups and downs of our journey, it seems that while there are some things that we can change, there also exist some things that need to be accepted. I have had my fair share of ‘law school experiences’ to enable me to write this piece. However, I cannot guarantee that you’ll be having the same experiences through your journey. Therefore, inapplicability regretted. So, shall we start? 1. You’ll be facing tough competitions. Yes, cutthroat competition. You’ll compete with unfaithful friends and sincere enemies. Be prepared to be betrayed, used, and knocked out. However, don’t let this affect you. Everyone you meet in Law School isn’t your competition, but a potential ally. Learn to build meaningful relationships. Remember, legends don’t compete, they collaborate! 2. You’ll be having not-so-competent teachers teach you. We all face it. And not just here, it’s …