Service Providers And The Law

Syed Raza

Cloud Service Providers And The Law

Imagine opting out of the continuous struggle to keep software up to date, and essentially getting rid of overburdened corporate IT departments struggling to keep systems functional. This initial flavor of cloud computing given to the public is increasingly holding true to its promise due to numerous benefits such as flexibility, cost reduction, accessibility, and reliability. Undoubtedly, cloud computing presents a potential paradigm shift for all industries and sectors with many benefits such as flexibility, cost reduction, accessibility, and reliability.

While several technical benefits of cloud computing exist, there are few important considerations for users and corporations. One of the most important is the legal repercussions these new technologies may trigger. With the arrival of any new technology, the applicability of existing laws and the possibility of new laws tailored specifically to the new technology remain unclear until precedents are set. The cloud computing phenomena is global in nature challenging the very touchstone of jurisdictional complexities.

Cloud Service Providers And The Law

(Infographic Source: Business Of Law Blog)

These legal qualms pose significant risks to cloud service providers and users alike. Service providers constantly battle to strike a balance between reward of investing in better and new technologies; on the other hand, they expose themselves to greater risk of potential lawsuits as well as uncertain future regulations. For small businesses, this issue may even be greater as they lack resources to effectively negotiate contracts with large cloud service providers. On the other hand, large corporations may be easier to draft and negotiate a ‘strong’ contract with service providers.

Broadly speaking, there are six widely applicable regulations relating to cloud computing in the United States.

1. Stored communications Act (SCA)
2. USA Patriot Act
3. The health Insurance Portability and Accountability Act (HIPAA)
4. US Export Control Regulations
5. Federal Trade Commission Act
6. Communications Privacy Act of 1986 (ECPA).

While laws extensively cover areas related to security and privacy, loopholes are certain when referring matters relating to cloud computing. For instance, in 2011, a class action complaint was lodged against a cloud storage provider in Wong v. Dropbox, Inc., where, it was alleged that the company violated the California Unfair Competition Law and negligently invaded privacy of individuals. The class action complaint against Dropbox arose out of an update that inadvertently allowed anyone to log into any account using any password within a four hour window.

The risks are geared towards confusion as to applicable laws, the changing regulatory climate, and lack of industry standards. Cloud computing does reflect paradigm shift for both users and corporations, as it allows taking advantage of economies of scale as well as specialization to provide a more efficient and economical solution.

As jurisdiction within the cloud is so unclear, the only option would be to come to a mutual agreement or a compromise between cloud provider and user. Therefore, a harmonious and uniform set of laws governing data privacy and security is required which, in turn, would be beneficial in several respects. For instance, service providers would be able to assess their risks more accurately subsequently decreasing the need for them to push their risk onto users through contracts that force the customer to deal with privacy breaches that may be the fault of the service provider.

By Syed Raza

Dan Teichman
Cloud-Native Communications Historically, Communication Service Providers (CSPs) networks ran on purpose-built hardware. However, in the early 2000s organizations started to update their infrastructure, moving to virtualization. Now, providers are looking to take the next step, ...
Dinesh Varadharajan
The Future with Automation Many entrepreneurs believe digital technologies will transform the way their companies work. By 2022, the worldwide hyper-automation technology market is expected to be worth $596.6 billion. And by 2055, almost half ...
Alex Tkatch
Best Practices for Designing and Executing a Product Launch Nothing in entrepreneurial life is more exciting, frustrating, time-consuming and uncertain than launching a new product. Creating something new and different can be exhilarating, assuming everything ...
Gary Bernstein
Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...
Gary Bernstein
Test Data Management How do you test your data management systems? With Delphix, you can automate your tests by running your data against a virtual copy of your production environment. Today, the amount of data ...