Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Kuan Hon - Big Legal Issues Affecting Cloud


Published on

From the March 2016 London Cloudcamp focused on Blockchain and/or Bitcoin...

Published in: Technology
  • Be the first to comment

Kuan Hon - Big Legal Issues Affecting Cloud

  1. 1. Big Legal Issues Affecting Cloud 23 March 2016 Dr Kuan Hon @kuan∅ | Cloudscape 2016
  2. 2. @kuan∅ Canter through Already law ! – contracts from 1 Oct 2015 The Insolvency ( Protection of Essential Supplies ) Order 2015 Adoption expected 2016, effective in 2 yrs Network & Information Systems Security Directive ( NIS Directive ) General Data Protection Regulation ( GDPR )
  3. 3. @kuan∅ If cloud customer goes bust... More info Cloud provider can’t use contractual right, exerciseable upon administration or “voluntary arrangement”, to - Terminate contract - unless eg new charges unpaid >= 28 days Stop supply of service - unless notice to office- holder to terminate without personal guarantee of new charges, & none within 14 days
  4. 4. @kuan∅ More points • Purpose – where rescue / restructuring, ie breathing space only • Liquidation, bankruptcy - can still exercise contractual right to terminate • Not just cloud services – supply of o Data storage / processing ( which must include cloud ! ), webhosting, computer software / hardware, IT info / advice / assistance...
  5. 5. @kuan∅ NIS Directive All data, not just “personal data” Security obligations + breach / incident notification obligations + penalties for infringement – 2 classes Operators of essential services Banks, healthcare, transport, utilities, Internet infrastructure ( IXPs, DNS service providers, top level domain name registries ) Essential service relying on DSP, incident at provider “Digital service providers” ( lighter obligations ) Incl. ALL cloud providers - IaaS, PaaS, and SaaS ( Also search engines, online marketplaces )
  6. 6. @kuan∅ NIS Directive implications Cloud contracts ( operators using cloud for “essential service” ) provider notification Breach / incident notification to authorities systems & processes preparation / rehearsal – all stakeholders Insurance ?
  7. 7. @kuan∅ GDPR New processor ( cloud provider ) obligations Security, breach notification to customers, international transfers, records, DPO - 2% / €10m New processor ( cloud provider ) liability for compensation if “involved” in processing Choice of who to sue – bigger pockets ? Claim back against others at fault iff paid in full New detailed, prescriptive requirements regarding contract terms, incl. cloud contracts Audit rights + regulators can demand info / audits “Assist” cloud customer ( vs. commodity cloud )
  8. 8. @kuan∅ GDPR implications Cloud and other processor contracts - change of law / change control clause now ! Providers - allocate responsibilities & liabilities, indemnities; costs / pricing Both - new required terms - 2% / €10m Cloud-appropriate standard contract terms ? CIF, Eurocloud, CSA put forward for approval ? Approved certifications, codes of conduct Breach notification / preparation too ! Different authorities than under NIS Directive ? Insurance ?
  9. 9. @kuan∅ Killing cloud quickly with DP ? The GDPR's coming, soon to be law they say Middle of 20-18 may be the fateful day ! What will this mean for clo-ud ? Will cloud be here to sta-ay ? Don't want to be pessimistic, not sure how we'll find a way Killing cloud quickly with DP, killing cloud quickly, with DP, tearing up SaaS, PaaS and I-aaS Killing cloud quickly, with DP…? Full article Photo of Roberta Flack by Roland Godefroy CC BY SA 2.5
  10. 10. @kuan∅ Thank you! Dr Kuan Hon Half lawyer | half geek | mostly harmless Twitter: @kuan∅ Email: k @ my domain below; also www.kuan∅.com | blog.kuan∅.com