Академический Документы
Профессиональный Документы
Культура Документы
to Cloud Computing
Nolan M. Goldberg
Senior Counsel
IP & Technology
ngoldberg@proskauer.com
1
Today’s Most Important Slide
• All cloud
services are
not equal.
2
The Key Legal Question
Is a Particular Cloud
Suitable for a Particular
Application?
- Governed by the
service’s contracts,
structure, and
technology.
3
The Solution
• It is a best
practice to
undertake a legal
due diligence
investigation prior
to adoption.
4
Three Due Diligence Questions
6
For better or worse…..
• The physical
location(s) of a
cloud will
influence the
legal risks and
protections
afforded to data
on the service.
7
The Stored Communications Act
(18 U.S.C. § 2701, et seq.)
8
In Re Beluga
“…Google and its servers are
located within the United States
and therefore…the ECPA
prohibits Google from disclosing
the contents of those email
accounts until it receives
consents from the email account
holders.”
9
The US Constitution
10
The US Patriot Act
11
Protecting Your IP
• Should your IP be
stolen from a Cloud,
the location of both
the system and the
theft will impact your
ability to seek
appropriate relief.
12
Contracts
• The validity or
construction of
certain common
contractual terms
will vary based on
the location of the
cloud.
13
Example: Contractual Variation
14
Example (cont.)
Modifications.
a. To the Services. [Provider] may
make commercially reasonable
modifications to the Service, or
particular components of the
Service, from time to time.
[Provider] will use commercially
reasonable efforts to notify
Customer of any such changes.
15
Example (Cont.)
“We may change the
service or delete features
at any time and for any
reason. We may cancel or
suspend your service at any
time. Our cancellation or
suspension may be without
cause and/or without notice.”
16
Example: Provider Liability
17
Export
• Will loading data
onto a foreign
cloud violate
local rules on the
export of
controlled
technologies?
18
Jurisdiction
• By storing data at
a given location,
is there an
increased chance
of being subject
to litigation in that
jurisdiction?
19
Privacy
• Can the cloud service comply with
applicable processing, retention or
transfer restrictions?
• Will the operation of the service
unintentionally entangle data not
already subject to processing
restrictions?
20
Example – EU Data Directive
21
Contractual Suitability
22
Example: Trade Secrets
23
Data Ownership
• Governed by the service
agreement.
• There is the potential that rights
given to the vendor will diminish
the value and protections
afforded the underlying data.
24
The Vendor May Need Certain Rights in Your
Data to Operate its Service
25
The Vendor May Want Certain Rights in Your
Data to Generate Revenue
26
Reasonableness
The Cloud
Computing Project at
Queen Mary
University of London
analyzed cloud
contracts to find
common practices.
27
Securing Data in the Cloud
28
Structure
29
The Contract “Controls” the
Scope of Discovery Obligations
The starting point
for determining
control over ESI
on the cloud (or
related metadata,
log files, etc.,) is
the contract.
30
Determining Control in the Cloud
Contract Consumer
Cloud Service Provider Consumer
31
Control of Data in Multi-Party
Clouds (cont.)
ID as a Service
Cloud Infrastructure Contract 3 Cloud Infrastructure
Provider Provider 2
Contract 2
Consumer
Applications Contract 1
Provider
Consumer 2
32
Control of Data in Multi-Party
Clouds (cont.)
Cloud Service
Cloud Service Cloud Service
Co
Contract
ct
ra
nt
nt
ra
Co
ct
Aggregator
Contract
Consumer
33
Multi-Party Cloud Due Diligence
34
Example – Los Angeles
CSC Contract 1
Los
Angeles
Contract 1
Google Contract 2
36
For More Information….
Please e-mail:
ngoldberg@proskauer.com
37
A Strategic Approach
to Cloud Computing
Nolan M. Goldberg
Senior Counsel
IP & Technology
ngoldberg@proskauer.com
38