Kuan Hon - Big Legal Issues Affecting Cloud

Kuan Hon - Big Legal Issues Affecting Cloud
Big Legal Issues Affecting Cloud 23 March 2016 Dr Kuan Hon @kuan∅ | k@kuan0.com kuan.hon@pinsentmasons.com Cloudscape 2016
@kuan∅ Canter through Already law ! – contracts from 1 Oct 2015 The Insolvency ( Protection of Essential Supplies ) Order 2015 Adoption expected 2016, effective in 2 yrs Network & Information Systems Security Directive ( NIS Directive ) General Data Protection Regulation ( GDPR )
@kuan∅ If cloud customer goes bust... More info http://bit.ly/ITinsolvency Cloud provider can’t use contractual right, exerciseable upon administration or “voluntary arrangement”, to - Terminate contract - unless eg new charges unpaid >= 28 days Stop supply of service - unless notice to office- holder to terminate without personal guarantee of new charges, & none within 14 days
@kuan∅ More points • Purpose – where rescue / restructuring, ie breathing space only • Liquidation, bankruptcy - can still exercise contractual right to terminate • Not just cloud services – supply of o Data storage / processing ( which must include cloud ! ), webhosting, computer software / hardware, IT info / advice / assistance...
@kuan∅ NIS Directive All data, not just “personal data” Security obligations + breach / incident notification obligations + penalties for infringement – 2 classes Operators of essential services Banks, healthcare, transport, utilities, Internet infrastructure ( IXPs, DNS service providers, top level domain name registries ) Essential service relying on DSP, incident at provider “Digital service providers” ( lighter obligations ) Incl. ALL cloud providers - IaaS, PaaS, and SaaS ( Also search engines, online marketplaces )
@kuan∅ NIS Directive implications Cloud contracts ( operators using cloud for “essential service” ) provider notification Breach / incident notification to authorities systems & processes preparation / rehearsal – all stakeholders Insurance ?
@kuan∅ GDPR New processor ( cloud provider ) obligations Security, breach notification to customers, international transfers, records, DPO - 2% / €10m New processor ( cloud provider ) liability for compensation if “involved” in processing Choice of who to sue – bigger pockets ? Claim back against others at fault iff paid in full New detailed, prescriptive requirements regarding contract terms, incl. cloud contracts Audit rights + regulators can demand info / audits “Assist” cloud customer ( vs. commodity cloud )
@kuan∅ GDPR implications Cloud and other processor contracts - change of law / change control clause now ! Providers - allocate responsibilities & liabilities, indemnities; costs / pricing Both - new required terms - 2% / €10m Cloud-appropriate standard contract terms ? CIF, Eurocloud, CSA put forward for approval ? Approved certifications, codes of conduct Breach notification / preparation too ! Different authorities than under NIS Directive ? Insurance ?
@kuan∅ Killing cloud quickly with DP ? The GDPR's coming, soon to be law they say Middle of 20-18 may be the fateful day ! What will this mean for clo-ud ? Will cloud be here to sta-ay ? Don't want to be pessimistic, not sure how we'll find a way Killing cloud quickly with DP, killing cloud quickly, with DP, tearing up SaaS, PaaS and I-aaS Killing cloud quickly, with DP…? Full article www.scl.org/site.aspx?i=ed46375 Photo of Roberta Flack by Roland Godefroy CC BY SA 2.5
@kuan∅ Thank you! Dr Kuan Hon Half lawyer | half geek | mostly harmless Twitter: @kuan∅ Email: k @ my domain below; also kuan.hon@pinsentmasons.com www.kuan∅.com | blog.kuan∅.com

Check these out next

Kuan Hon - Big Legal Issues Affecting Cloud

Recommended

More Related Content

Similar to Kuan Hon - Big Legal Issues Affecting Cloud(20)

Recently uploaded(20)

Kuan Hon - Big Legal Issues Affecting Cloud