More Related Content

Kuan Hon - Big Legal Issues Affecting Cloud

  1. Big Legal Issues Affecting Cloud 23 March 2016 Dr Kuan Hon @kuan∅ | Cloudscape 2016
  2. @kuan∅ Canter through Already law ! – contracts from 1 Oct 2015 The Insolvency ( Protection of Essential Supplies ) Order 2015 Adoption expected 2016, effective in 2 yrs Network & Information Systems Security Directive ( NIS Directive ) General Data Protection Regulation ( GDPR )
  3. @kuan∅ If cloud customer goes bust... More info Cloud provider can’t use contractual right, exerciseable upon administration or “voluntary arrangement”, to - Terminate contract - unless eg new charges unpaid >= 28 days Stop supply of service - unless notice to office- holder to terminate without personal guarantee of new charges, & none within 14 days
  4. @kuan∅ More points • Purpose – where rescue / restructuring, ie breathing space only • Liquidation, bankruptcy - can still exercise contractual right to terminate • Not just cloud services – supply of o Data storage / processing ( which must include cloud ! ), webhosting, computer software / hardware, IT info / advice / assistance...
  5. @kuan∅ NIS Directive All data, not just “personal data” Security obligations + breach / incident notification obligations + penalties for infringement – 2 classes Operators of essential services Banks, healthcare, transport, utilities, Internet infrastructure ( IXPs, DNS service providers, top level domain name registries ) Essential service relying on DSP, incident at provider “Digital service providers” ( lighter obligations ) Incl. ALL cloud providers - IaaS, PaaS, and SaaS ( Also search engines, online marketplaces )
  6. @kuan∅ NIS Directive implications Cloud contracts ( operators using cloud for “essential service” ) provider notification Breach / incident notification to authorities systems & processes preparation / rehearsal – all stakeholders Insurance ?
  7. @kuan∅ GDPR New processor ( cloud provider ) obligations Security, breach notification to customers, international transfers, records, DPO - 2% / €10m New processor ( cloud provider ) liability for compensation if “involved” in processing Choice of who to sue – bigger pockets ? Claim back against others at fault iff paid in full New detailed, prescriptive requirements regarding contract terms, incl. cloud contracts Audit rights + regulators can demand info / audits “Assist” cloud customer ( vs. commodity cloud )
  8. @kuan∅ GDPR implications Cloud and other processor contracts - change of law / change control clause now ! Providers - allocate responsibilities & liabilities, indemnities; costs / pricing Both - new required terms - 2% / €10m Cloud-appropriate standard contract terms ? CIF, Eurocloud, CSA put forward for approval ? Approved certifications, codes of conduct Breach notification / preparation too ! Different authorities than under NIS Directive ? Insurance ?
  9. @kuan∅ Killing cloud quickly with DP ? The GDPR's coming, soon to be law they say Middle of 20-18 may be the fateful day ! What will this mean for clo-ud ? Will cloud be here to sta-ay ? Don't want to be pessimistic, not sure how we'll find a way Killing cloud quickly with DP, killing cloud quickly, with DP, tearing up SaaS, PaaS and I-aaS Killing cloud quickly, with DP…? Full article Photo of Roberta Flack by Roland Godefroy CC BY SA 2.5
  10. @kuan∅ Thank you! Dr Kuan Hon Half lawyer | half geek | mostly harmless Twitter: @kuan∅ Email: k @ my domain below; also www.kuan∅.com | blog.kuan∅.com