SlideShare a Scribd company logo

Bird&Bird

Frits Bussemaker
Frits Bussemaker

Presentation Huub de Jong, Bird&Bird

TechnologyBusiness
1 of 19
Download to read offline
Engaging the cloud: Legal issues to consider when using the cloud 31 May 2012 Huub de Jong
• 900 lawyers full service law firm • Focus on high tech and regulated sectors • Innovative solutions to the world’s most technologically advanced companies to •Commercial help them realise their business goals •Regulatory and administrative •Intellectual property •Privacy and data protection •EU & competition law •Outsourcing •Dispute resolution •Employment •Corporate M&A •Notary
Overview ● What is cloud computing? ● Data protection compliance in the cloud ● Data management issues to consider when drafting cloud service agreements
What is cloud computing?
What is Cloud Computing? ● It depends who you ask…. ● A simple definition is: "Delivery of IT Services provided using the internet" ● Cloud Computing can take various forms
Different forms of Cloud Computing Infrastructure Software as a Platform as a as a Service Service (SaaS) Service (PaaS) (IaaS) Application Application Application Platform Platform Platform Internal Customer Boundary External Infrastructure Infrastructure Infrastructure
Potential Benefits and Risks of Cloud Computing Benefits Risks Reduced infrastructure costs and potential reduced licence Reliance on online connectivity - the internet could be the fees (e.g. pay for usage) single point of failure within an organisation. How long can the business survive without access? Anytime, anywhere access Lack of integration with legacy systems Part of green ICT agenda – organisations can outsource Compliance issues – data protection, encryption, their carbon usage to organisations geared up to manage Sarbanes-Oxley… and minimise that impact Potentially improved support & maintenance Contracting on fixed standard terms with limited warranties, indemnities etc Costs should decrease as number of users increase Risk of hidden extras (e.g. if capacity or usage or storage goes beyond set amounts) Reduced internal management overheads - both cost and Data goes outside the corporate firewall, so security time concerns, risk of data loss, concerns around data portability, exit, insolvency of supplier….
Data protection compliance
Cloud computing vs. US Patriot Act
EU Data Protection Directive •Applicability of EU Data Protection Directive •Lawful (international) processing •Safe Harbour and •EU Standard Contractual Clauses •What about compliance in the US? •Future: EU Data Protection Regulation and large fines?!
US Patriot Act – I’m not a US lawyer! •Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 •FISA Orders en National Security Letters •applicability •confidentiality •Is the US Patriot Act used in the EU? •What happens in the future: …?
US Patriot Act vs. EU Data Protection Directive POSITION EU ● controller remains responsible ● legal ground and transparency ● options to transfer to third parties are limited ● no generic exception for foreign POSITION US legislation ● processor must deliver ● confidentiality ● not limited to US boarders ● no (generic) exception for EU data protection legislation
behandling af følsomme personoplysninger i cloud-løsning • Google Apps’ use by teachers in municipality of Odense • Google Ireland Ltd is processor • data processed in Google Inc’s datacenters in US and Europe   Odense has, in reality, no control of Odense has, in reality, no control of how the data will be processed how the data will be processed   Odense cannot actively ensure Odense cannot actively ensure security measures are upheld security measures are upheld   Danish DPA willing to reconsider … if Danish DPA willing to reconsider … if Odense continues work on the case Odense continues work on the case and seeks solutions and seeks solutions
Contractual issues to consider
The terms and conditions of suppliers ● As a general rule, customer data ● We may disclose to parties will not be transferred to data outside Dropbox files stored in centers outside that region [ie your Dropbox and information EU/EEA]. about you that we collect when ● There are, however, some we have a good faith belief that limited circumstances where disclosure is reasonably customer data might be accessed necessary to … comply with a by Microsoft personnel or law, regulation or compulsory subcontractors from outside the legal request specified region (e.g., for ● we will remove Dropbox’s technical support, encryption from the files before troubleshooting, or in response providing them to law to a valid legal subpoena) enforcement
Data Management in the Cloud – Drafting issues to consider ● Use of data • Seems obvious, but need to be clear what provider can do with the data ● Data ownership • Again, may seem obvious – but occasionally providers seek to own content generated in the cloud ● Security standards and segregation • Require provider to comply with industry best practice • Consider the need for encryption when data in transit • Require data to be kept in a way which it is easily accessible and avoid risks of 'contamination'
Data Management in the Cloud – Drafting issues to consider ● Portability of data • Make sure consider 'exit' situation • Consider what happens if the provider is insolvent – early warnings? • Include language to ensure that data returned on demand (regardless of outstanding fees etc) ● Consider the need for back-ups • Be conscious of exclusions on liability for 'data loss' • Consider costs of restoring lost or deleted data • Issue of malicious deletion of data ● Staff issues • Most likely point of failure
Negotiating Cloud Services Agreements (£) – service element that may attract additional charges – vary between vendors Implementation Service Exit / Transition •Configuration •Availability and •Notice assistance (£) performance provisions and •Acceptance service levels (£) termination Process •Service credits rights •Migration from (£) •Data portability legacy systems •Scaling – •Configuration •Integration with storage, users information other systems (£) •Transition (£) •Support (£) support (£) •Training (£) •Back-up and •Escrow (£) •Migration in - data recovery (£) •Migration out - Data Protection •Data Protection Data Protection Compliance & Security Compliance •Audit rights
Thank you www.huubdejong.nl Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses. Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address. www.twobirds.com

Recommended

Forrester
ForresterForrester
ForresterFrits Bussemaker
 
Intel Cloud summit: Big Data by Nick Knupffer
Intel Cloud summit: Big Data by Nick KnupfferIntel Cloud summit: Big Data by Nick Knupffer
Intel Cloud summit: Big Data by Nick KnupfferIntelAPAC
 
Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forumbigdatawf
 
Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forumbigdatawf
 
OSS Presentation Keynote by Per Sedihn
OSS Presentation Keynote by Per SedihnOSS Presentation Keynote by Per Sedihn
OSS Presentation Keynote by Per SedihnOpenStorageSummit
 
Information Explosion - Erik Moller
Information Explosion - Erik MollerInformation Explosion - Erik Moller
Information Explosion - Erik MollerHPDutchWorld
 
Got Big Data? Get OpenSplice!
Got Big Data? Get OpenSplice!Got Big Data? Get OpenSplice!
Got Big Data? Get OpenSplice!Angelo Corsaro
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 

Recommended

Forrester
ForresterForrester
ForresterFrits Bussemaker
 
Intel Cloud summit: Big Data by Nick Knupffer
Intel Cloud summit: Big Data by Nick KnupfferIntel Cloud summit: Big Data by Nick Knupffer
Intel Cloud summit: Big Data by Nick KnupfferIntelAPAC
 
Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forumbigdatawf
 
Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forumbigdatawf
 
OSS Presentation Keynote by Per Sedihn
OSS Presentation Keynote by Per SedihnOSS Presentation Keynote by Per Sedihn
OSS Presentation Keynote by Per SedihnOpenStorageSummit
 
Information Explosion - Erik Moller
Information Explosion - Erik MollerInformation Explosion - Erik Moller
Information Explosion - Erik MollerHPDutchWorld
 
Got Big Data? Get OpenSplice!
Got Big Data? Get OpenSplice!Got Big Data? Get OpenSplice!
Got Big Data? Get OpenSplice!Angelo Corsaro
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forumbigdatawf
 
Cloud computing: opportunities and risks
Cloud computing: opportunities and risksCloud computing: opportunities and risks
Cloud computing: opportunities and risksCloud Legal Project
 
Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File VirtualizationFindWhitePapers
 
Data Curation at the New York Times
Data Curation at the New York TimesData Curation at the New York Times
Data Curation at the New York TimesEdward Curry
 
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...arms8586
 
Defining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentDefining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentAubrey Owens
 
Stop retaining forever
Stop retaining foreverStop retaining forever
Stop retaining foreverQuestexConf
 
Big data primer
Big data primerBig data primer
Big data primerStacia Misner
 
Security - Situational awareness
Security - Situational awarenessSecurity - Situational awareness
Security - Situational awarenessRaffael Marty
 
The journey to Private AI, where Privacy-Preserving ML meets DLT
The journey to Private AI, where Privacy-Preserving ML meets DLTThe journey to Private AI, where Privacy-Preserving ML meets DLT
The journey to Private AI, where Privacy-Preserving ML meets DLTOmid Mogharian
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Big Data Whitepaper - Streams and Big Insights Integration Patterns
Big Data Whitepaper - Streams and Big Insights Integration PatternsBig Data Whitepaper - Streams and Big Insights Integration Patterns
Big Data Whitepaper - Streams and Big Insights Integration PatternsMauricio Godoy
 
Linked Open Data
Linked Open DataLinked Open Data
Linked Open DataDerilinx
 
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...Dana Gardner
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...Everteam
 
Big Data in Context
Big Data in ContextBig Data in Context
Big Data in ContextFreeform Dynamics
 
ABN AMRO
ABN AMROABN AMRO
ABN AMROFrits Bussemaker
 
Community Building
Community BuildingCommunity Building
Community BuildingFrits Bussemaker
 
Communitybuildingv3
Communitybuildingv3Communitybuildingv3
Communitybuildingv3Frits Bussemaker
 
Peter Warman
Peter WarmanPeter Warman
Peter WarmanFrits Bussemaker
 
Thingscon 2015 Iskander Smit
Thingscon 2015 Iskander SmitThingscon 2015 Iskander Smit
Thingscon 2015 Iskander SmitInfo.nl
 

More Related Content

What's hot

Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forumbigdatawf
 
Cloud computing: opportunities and risks
Cloud computing: opportunities and risksCloud computing: opportunities and risks
Cloud computing: opportunities and risksCloud Legal Project
 
Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File VirtualizationFindWhitePapers
 
Data Curation at the New York Times
Data Curation at the New York TimesData Curation at the New York Times
Data Curation at the New York TimesEdward Curry
 
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...arms8586
 
Defining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentDefining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentAubrey Owens
 
Stop retaining forever
Stop retaining foreverStop retaining forever
Stop retaining foreverQuestexConf
 
Security - Situational awareness
Security - Situational awarenessSecurity - Situational awareness
Security - Situational awarenessRaffael Marty
 
The journey to Private AI, where Privacy-Preserving ML meets DLT
The journey to Private AI, where Privacy-Preserving ML meets DLTThe journey to Private AI, where Privacy-Preserving ML meets DLT
The journey to Private AI, where Privacy-Preserving ML meets DLTOmid Mogharian
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Big Data Whitepaper - Streams and Big Insights Integration Patterns
Big Data Whitepaper - Streams and Big Insights Integration PatternsBig Data Whitepaper - Streams and Big Insights Integration Patterns
Big Data Whitepaper - Streams and Big Insights Integration PatternsMauricio Godoy
 
Linked Open Data
Linked Open DataLinked Open Data
Linked Open DataDerilinx
 
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...Dana Gardner
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...Everteam
 

What's hot (17)

Big Data World Forum
Big Data World ForumBig Data World Forum
Big Data World Forum
 
Cloud computing: opportunities and risks
Cloud computing: opportunities and risksCloud computing: opportunities and risks
Cloud computing: opportunities and risks
 
Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloud
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File Virtualization
 
Data Curation at the New York Times
Data Curation at the New York TimesData Curation at the New York Times
Data Curation at the New York Times
 
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
Box Private Vendor Watchlist Profile: Cloud - Based Content Collaboration Ser...
 
Defining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentDefining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case Assessment
 
Stop retaining forever
Stop retaining foreverStop retaining forever
Stop retaining forever
 
Big data primer
Big data primerBig data primer
Big data primer
 
Security - Situational awareness
Security - Situational awarenessSecurity - Situational awareness
Security - Situational awareness
 
The journey to Private AI, where Privacy-Preserving ML meets DLT
The journey to Private AI, where Privacy-Preserving ML meets DLTThe journey to Private AI, where Privacy-Preserving ML meets DLT
The journey to Private AI, where Privacy-Preserving ML meets DLT
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
 
Big Data Whitepaper - Streams and Big Insights Integration Patterns
Big Data Whitepaper - Streams and Big Insights Integration PatternsBig Data Whitepaper - Streams and Big Insights Integration Patterns
Big Data Whitepaper - Streams and Big Insights Integration Patterns
 
Linked Open Data
Linked Open DataLinked Open Data
Linked Open Data
 
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
 
Big Data in Context
Big Data in ContextBig Data in Context
Big Data in Context
 

Viewers also liked

Thingscon 2015 Iskander Smit
Thingscon 2015 Iskander SmitThingscon 2015 Iskander Smit
Thingscon 2015 Iskander SmitInfo.nl
 
Facebook interactive session - ABN AMRO
Facebook interactive session - ABN AMROFacebook interactive session - ABN AMRO
Facebook interactive session - ABN AMROInfo.nl
 

Viewers also liked (7)

ABN AMRO
ABN AMROABN AMRO
ABN AMRO
 
Community Building
Community BuildingCommunity Building
Community Building
 
Communitybuildingv3
Communitybuildingv3Communitybuildingv3
Communitybuildingv3
 
Peter Warman
Peter WarmanPeter Warman
Peter Warman
 
Thingscon 2015 Iskander Smit
Thingscon 2015 Iskander SmitThingscon 2015 Iskander Smit
Thingscon 2015 Iskander Smit
 
Facebook interactive session - ABN AMRO
Facebook interactive session - ABN AMROFacebook interactive session - ABN AMRO
Facebook interactive session - ABN AMRO
 
Carla hoekendijk
Carla hoekendijkCarla hoekendijk
Carla hoekendijk
 

Similar to Bird&Bird

Cloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdCloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdEduserv
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 
IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011Donald E. Hester
 
Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...
Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...
Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...Danny Miller
 
Iia 2012 Spring Conference Philly V Final
Iia 2012 Spring Conference Philly V FinalIia 2012 Spring Conference Philly V Final
Iia 2012 Spring Conference Philly V FinalDanny Miller
 
Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)Druva
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30This account is closed
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...
Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...
Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...CaseCentral
 
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeLisa Abe-Oldenburg, B.Comm., JD.
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudCompTIA UK
 

Similar to Bird&Bird (20)

Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
Legal issues in the cloud renzo marchini & gene landy
Legal issues in the cloud renzo marchini & gene landyLegal issues in the cloud renzo marchini & gene landy
Legal issues in the cloud renzo marchini & gene landy
 
Cloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdCloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & Bird
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011
 
Business in the cloud
Business in the cloudBusiness in the cloud
Business in the cloud
 
Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...
Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...
Nfp Seminar Series Danny November 18 Emerging Technology Challenges And...
 
Iia 2012 Spring Conference Philly V Final
Iia 2012 Spring Conference Philly V FinalIia 2012 Spring Conference Philly V Final
Iia 2012 Spring Conference Philly V Final
 
Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)
 
Mining IT Summit Nov 6 2014
Mining IT Summit Nov 6 2014Mining IT Summit Nov 6 2014
Mining IT Summit Nov 6 2014
 
Lets Do the Cloud-CFO Summit 2013
Lets Do the Cloud-CFO Summit 2013Lets Do the Cloud-CFO Summit 2013
Lets Do the Cloud-CFO Summit 2013
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
 
GDPR v pojetí F5
GDPR v pojetí F5GDPR v pojetí F5
GDPR v pojetí F5
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & Netskope
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4
 
Rubik cloud risks-jun2012
Rubik cloud risks-jun2012Rubik cloud risks-jun2012
Rubik cloud risks-jun2012
 
Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...
Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...
Cloud Computing and eDiscovery: What is in it for you? By ESG's Brian Babinea...
 
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 

Recently uploaded

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Recently uploaded (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Bird&Bird

  • 1. Engaging the cloud: Legal issues to consider when using the cloud 31 May 2012 Huub de Jong
  • 2. 900 lawyers full service law firm • Focus on high tech and regulated sectors • Innovative solutions to the world’s most technologically advanced companies to •Commercial help them realise their business goals •Regulatory and administrative •Intellectual property •Privacy and data protection •EU & competition law •Outsourcing •Dispute resolution •Employment •Corporate M&A •Notary
  • 3. Overview ● What is cloud computing? ● Data protection compliance in the cloud ● Data management issues to consider when drafting cloud service agreements
  • 4. What is cloud computing?
  • 5. What is Cloud Computing? ● It depends who you ask…. ● A simple definition is: "Delivery of IT Services provided using the internet" ● Cloud Computing can take various forms
  • 6. Different forms of Cloud Computing Infrastructure Software as a Platform as a as a Service Service (SaaS) Service (PaaS) (IaaS) Application Application Application Platform Platform Platform Internal Customer Boundary External Infrastructure Infrastructure Infrastructure
  • 7. Potential Benefits and Risks of Cloud Computing Benefits Risks Reduced infrastructure costs and potential reduced licence Reliance on online connectivity - the internet could be the fees (e.g. pay for usage) single point of failure within an organisation. How long can the business survive without access? Anytime, anywhere access Lack of integration with legacy systems Part of green ICT agenda – organisations can outsource Compliance issues – data protection, encryption, their carbon usage to organisations geared up to manage Sarbanes-Oxley… and minimise that impact Potentially improved support & maintenance Contracting on fixed standard terms with limited warranties, indemnities etc Costs should decrease as number of users increase Risk of hidden extras (e.g. if capacity or usage or storage goes beyond set amounts) Reduced internal management overheads - both cost and Data goes outside the corporate firewall, so security time concerns, risk of data loss, concerns around data portability, exit, insolvency of supplier….
  • 9. Cloud computing vs. US Patriot Act
  • 10. EU Data Protection Directive •Applicability of EU Data Protection Directive •Lawful (international) processing •Safe Harbour and •EU Standard Contractual Clauses •What about compliance in the US? •Future: EU Data Protection Regulation and large fines?!
  • 11. US Patriot Act – I’m not a US lawyer! •Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 •FISA Orders en National Security Letters •applicability •confidentiality •Is the US Patriot Act used in the EU? •What happens in the future: …?
  • 12. US Patriot Act vs. EU Data Protection Directive POSITION EU ● controller remains responsible ● legal ground and transparency ● options to transfer to third parties are limited ● no generic exception for foreign POSITION US legislation ● processor must deliver ● confidentiality ● not limited to US boarders ● no (generic) exception for EU data protection legislation
  • 13. behandling af følsomme personoplysninger i cloud-løsning • Google Apps’ use by teachers in municipality of Odense • Google Ireland Ltd is processor • data processed in Google Inc’s datacenters in US and Europe   Odense has, in reality, no control of Odense has, in reality, no control of how the data will be processed how the data will be processed   Odense cannot actively ensure Odense cannot actively ensure security measures are upheld security measures are upheld   Danish DPA willing to reconsider … if Danish DPA willing to reconsider … if Odense continues work on the case Odense continues work on the case and seeks solutions and seeks solutions
  • 15. The terms and conditions of suppliers ● As a general rule, customer data ● We may disclose to parties will not be transferred to data outside Dropbox files stored in centers outside that region [ie your Dropbox and information EU/EEA]. about you that we collect when ● There are, however, some we have a good faith belief that limited circumstances where disclosure is reasonably customer data might be accessed necessary to … comply with a by Microsoft personnel or law, regulation or compulsory subcontractors from outside the legal request specified region (e.g., for ● we will remove Dropbox’s technical support, encryption from the files before troubleshooting, or in response providing them to law to a valid legal subpoena) enforcement
  • 16. Data Management in the Cloud – Drafting issues to consider ● Use of data • Seems obvious, but need to be clear what provider can do with the data ● Data ownership • Again, may seem obvious – but occasionally providers seek to own content generated in the cloud ● Security standards and segregation • Require provider to comply with industry best practice • Consider the need for encryption when data in transit • Require data to be kept in a way which it is easily accessible and avoid risks of 'contamination'
  • 17. Data Management in the Cloud – Drafting issues to consider ● Portability of data • Make sure consider 'exit' situation • Consider what happens if the provider is insolvent – early warnings? • Include language to ensure that data returned on demand (regardless of outstanding fees etc) ● Consider the need for back-ups • Be conscious of exclusions on liability for 'data loss' • Consider costs of restoring lost or deleted data • Issue of malicious deletion of data ● Staff issues • Most likely point of failure
  • 18. Negotiating Cloud Services Agreements (£) – service element that may attract additional charges – vary between vendors Implementation Service Exit / Transition •Configuration •Availability and •Notice assistance (£) performance provisions and •Acceptance service levels (£) termination Process •Service credits rights •Migration from (£) •Data portability legacy systems •Scaling – •Configuration •Integration with storage, users information other systems (£) •Transition (£) •Support (£) support (£) •Training (£) •Back-up and •Escrow (£) •Migration in - data recovery (£) •Migration out - Data Protection •Data Protection Data Protection Compliance & Security Compliance •Audit rights
  • 19. Thank you www.huubdejong.nl Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses. Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address. www.twobirds.com