Photo by

Tiffany Wang is an IPilogue Writer, IP Innovation Clinic Fellow, and a 2L JD Candidate at Osgoode Hall Law School.

��

In 2019, Microsoft and the Pentagon signed a via deploying cloud technology. One man was not too happy with the agreement. , Jeff Bezos, persisted in fighting for the lucrative contract, especially after the Biden Administration began work at White House.��

Amazon Web Services, . Amazon’s efforts have not gone unnoticed.

, ending the feud between the two technology giants over the ten-year commercial contract. The DoD did not explicitly name the feud as the motivating factor for cancellation. Instead, the DoD announced that the ��John Sherman, acting Pentagon Chief Information Officer, stated that the inevitably call for novel strategies.

The JEDI deal has long been controversial. In 2019, Amazon suggested that the Pentagon award the contract to Microsoft due to . Moving away from a Microsoft monopoly, the current Biden administration welcomes bids from which satisfy the government’s standards. , and others have joined the ranks.

Companies anticipate competing for the new contract: . Attempting to canvass by military personnel.

The JEDI deal aims to upgrade the More than a contract duel, the JEDI deal acknowledges the rapid growth of the —and the pace at which the U.S. military needs to work to match this evolution.

Considering the forests rather than the trees, the Pentagon may have set its sights on competition from China instead of the clash amidst domestic technology titans. . In this cross-border military cloud computing race, the U.S. does not want China to win. If China wins the cloud computing marathon, the DoD will not celebrate on cloud nine.

The post Clouds Above the Pentagon appeared first on IPOsgoode.

Aishwerya Kansal is an��IPilogue��Writer, IP Innovation Clinic Fellow,��LL.M��Graduate (2020) at Osgoode��Professional Development, and IP Law Clerk at��Bereskin��& Parr LLP.��

��

OVERVIEW OF CLOUD COMPUTING

Cloud Computing has become an important technology in promoting global businesses during the pandemic. The technology has helped facilitate remote work. One of its most significant benefits is lowering the costs to store, retrieve, and maintain the security of data. However, cloud storage and data services raise several legal issues for cloud computing providers and users. There are multiple Cloud Service Providers (CSP) such as Amazon, Google, Verizon, Sales Force, and Microsoft, giving customers several options to choose from. Distributed data, stored in multiple locations, have shown to be cost effective, reliable, scalable, and fault-tolerant. However, consumers may be unaware of the technology’s enormous potential and the need for it to be . In order to prevent complications, consumers should be widely aware of recent advancements in cloud technology’s potentials and the evolving regulatory landscape.

Could computing is a form of software technology which provides information services on a virtual platform without the need for extensive infrastructure and dedicated access points. Common forms of cloud computing include . SaaS is a software application over the internet which allows users access rather than allowing storage and local use. Any application that is run through the cloud service falls under this category. Dropbox is a form of SaaS, whereas Microsoft windows, a computing platform, is a form of PaaS used for running or developing applications.

Cloud computing’s rapid growth leaves limited time for identifying and implementing the regulatory frameworks necessary to protect users’ privacy and data security. Efforts to build a unified regulatory framework have already begun. Enthusiasm about building a unified framework has created common ground among nations about information privacy regulation.[1] For example, the rolled out a comprehensive proposal addressing general data protection regulations (Draft Data Protection Regulation).[2] Similarly, the United States Federal Trade Commission introduced its bill aimed at data privacy for consumers in addition to providing a detailed report in 2012 titled “Protecting Consumer Privacy in an Era of Rapid Change" ("FTC Report 2012"). Despite efforts to protect users’ cloud data, some legal issues remain unresolved.

LEGAL ISSUES IN CLOUD COMPUTING

Cloud computing involves collaborative efforts from different parties in providing services. Therefore, ��it is challenging to ensure compliance with a regulatory framework if one were to be put in place. A few of the underlying issues involve . In order to attempt to resolve these issues, the law needs to address the following items : (1) regarding storage and transfer of cloud data, (2) data ownership issues, and (3) control and access to cloud data.

From the user’s perspective, a major issue is the location of the data storage and the data transit which depends on factors like contractual obligations as well as the service and deployment model between the CSP and users. Under some circumstances, CSPs have chosen to confine the routing of information to certain locations. In cloud technology, data’s exact location cannot be easily established. The law is particularly ambiguous with respect to . Therefore, it is crucial that users take the issue of data storage locations and transit routes into account before moving their data to cloud. Though data should be owned by the user who uploads it to the cloud, the service level agreements (SLA) and CSP contract should explicitly state possession, custody, and control including the ownership and access to the information stored in the cloud. Users’ dependency on cloud computing services, along with an increased difficulty in controlling, accessing, and owning data, will grow in the absence of laws regulating cloud computing services. Service providers and other contracting parties should have bargaining power when deciphering standards of agreement clauses.

The federal government in has laid down on businesses when they engage in collecting, using, and disclosing personal information. Canadians mostly use cloud-based services provided by the United States and other countries. It is implied that private sector privacy legislation does not prohibit entities from using a foreign service provider. The Federal Commissioner has asked that any entity in should inform its customers of this practice and provide information about the foreign country’s laws on data privacy. In Canada, in a class action lawsuit against Facebook. Cloud computing services are not limited to external online storage used by social media and email services. Many other internet services involve cloud computing. The court in the class action against Facebook had to decide whether the social media company was reasonably notifying its users of principles governing their privacy policy and whether they were mentioned in advertisements on the platform.

CONCLUSION

Cloud has provided new options for storage and transmission of data. It has also introduced a whole new gamut of risks. Simplification of the laws is essential in promoting widespread adoption of cloud technology. The need for simplifications was concurred by the World Economic Forum. A standardized approach to the privacy and security of data with respect to cloud services would benefit the consumers and service providers in any disputes that may arise. Once adequate regulation for cloud computing is in place and rights and liabilities of users and service providers are well laid out, the industry could ��go on to Effective regulations would address rights and liabilities, while having flexibility to incorporate future developments in the field.

��

[1] Nancy J King & VT Raja, "What do They Really Know about Me in the Cloud: A Comparative Law Perspective on Protecting Privacy and Security of Sensitive Consumer Data" (2013) 50:2 Am Bus LJ 413

[2] Commission Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), at 1, COM (2012) 11 final (Jan. 25, 2012) [hereinafter Draft Data Protection Regulation], available at http://ec.europa.eu/justice/data-protection/ document/review2012/com_20121 len.pdf.

The post Digital Age, Cloud, and Intellectual Property Issues appeared first on IPOsgoode.

The EU plans to leverage the����across����into a golden “digital single market” economy, including a GDP boost of 957 billion euros and 3.8 million jobs by 2020. The report addresses outstanding concerns, clarifies policy and regulatory aspects of the strategy, and sets key actions to assert Europe's future as a “world cloud computing powerhouse”. Whether one����or��, those in technology, regulatory, and business law would do well to prepare for likely squalls ahead.

First, the strategy involves “cutting through the jungle of standards”—a 27-nation-jungle with all manner of cloud-inhibiting flora, including differing legal frameworks, inconsistent criteria, uncertain jurisdiction, and lack of clear standards. The EC plans to respond with an overarching regime in which cloud providers may obtain certification to reassure clients that they meet set standards of, e.g., interoperability, data portability, and security, and adhere to all relevant laws. Here, problems may arise where ideal cloud standards like seamless transborder accessibility clash with existing legal standards such as transborder data flow restrictions.

Second, there are jurisdictional landscapes abroad to contend with. Conflict of laws figures large in a cloud computing future. Europe will have to collaborate with other countries on issues such as law enforcement, cybercrime,��, and competition; and vice versa.��Take Canada, for instance.����first established transjurisdictional enforcement: one province's court may enforce and recognize judgement from another province if there is a “real and substantial connection between the wrongdoing and the jurisdiction”.����extended this test to foreign jurisdictions, which����applied to enforce a New York copyright decision against an Ontario movie-downloading website. Imagine the complications if, for example, a Vancouver start-up using a Melbourne cloud provider with servers in Berlin were found to have violated () German privacy laws. (Conversely,����confirmed that the Privacy Commissioner of Canada has jurisdiction over foreign businesses or websites if there is a real and substantial connection to Canada and the subject matter is within the office's purview.)

Despite����having brought Canada's privacy laws��, further����with the United States may put Canada's privileged position at risk, with the EC laser-focused on building certainty and trust in cloud computing. The EU zone is well known for its������of the��,��though some have deemed these fears����in light of��.��This becomes especially significant now that EU����will no longer arise piecemeal from general��, but from uniformly enforced��.

Third, the EC seems to place much faith in the power of contracts to assuage worries. Emphasizing “safe and fair contract terms and conditions” as a key goal, the report proposes to create a model contract of standard terms and conditions that certification-seeking cloud businesses can emulate, addressing conditions such as data access, stewardship, control, usage, portability, liability, disclosure, preservation, and reversibility; service upgrades,, and continuity; and termination of services.��Many of these terms, according to the report, are currently missing from typical “take it or leave it” cloud service contracts (known as��), making for one-sided bargains.

Considering the stakes (another key goal is aggressively driving����in the form of��services), these contracts are bound to undergo intense scrutiny and sprout new jurisprudence before anything may be considered “standard”. Combined with conflicts of law and potential tort liability (if, for example, cloud computing became such an integral part of civil society that cloud providers were found to owe some form of fiduciary duty), suffice it to say that private law's future in the clouds looks bright.

Of course, there is always the possibility that cloud computing will lead to nothing particularly new in law. In fact,��, Vice President Public Policy of the Software & Information Industry Association, believes that “there is no need for special privacy, security, intellectual property or consumer protection rules that apply just to cloud computing. Generalized rules, indeed, globally interoperable rules, are best suited to the global, borderless nature of cloud computing.” Most available legal tools needed to achieve such a state of affairs, however, are currently neither globally interoperable nor borderless. Regardless, one thing is��certain: if the EC gets its way, it won't be too long before users across Europe find themselves living on cloud 9.0.

Cynthia Khoo is a JD Candidate at the University of Victoria.

The post Sunny with a Chance of Chill: Forecasting EU's New Cloud Computing Strategy appeared first on IPOsgoode.