Christopher Millard - Cloud Computing Law

CLOUD COMPUTING LAW

Edited by
CHRISTOPHER MILLARD

Great Clarendon Street, Oxford, OX2 6DP,
United Kingdom

Oxford University Press is a department of the University of Oxford.
It furthers the Universitys objective of excellence in research, scholarship,
and education by publishing worldwide. Oxford is a registered trade mark of
Oxford University Press in the UK and in certain other countries

The Several Contributors, 2013

The moral rights of the authors have been asserted

First Edition published in 2013

Impression: 1

All rights reserved. No part of this publication may be reproduced, stored in
a retrieval system, or transmitted, in any form or by any means, without the
prior permission in writing of Oxford University Press, or as expressly permitted
by law, by licence, or under terms agreed with the appropriate reprographics
rights organization. Enquiries concerning reproduction outside the scope of the
above should be sent to the Rights Department, Oxford University Press, at the
address above

You must not circulate this work in any other form
and you must impose this same condition on any acquirer

Crown copyright material is reproduced under Class Licence
Number C01P0000148 with the permission of OPSI
and the Queens Printer for Scotland

Published in the United States of America by Oxford University Press
198 Madison Avenue, New York, NY 10016, United States of America

British Library Cataloguing in Publication Data

Data available

Library of Congress Control Number: 2013940565

ISBN 9780199671670 (hbk.)

ISBN 9780199671687 (pbk.)

Printed in Great Britain by
CPI Group (UK) Ltd, Croydon, CR0 4YY

Links to third party websites are provided by Oxford in good faith and
for information only. Oxford disclaims any responsibility for the materials
contained in any third party website referenced in this work.

What is distinctive about this new technological development and why does it merit special treatment by legislators, regulators, lawyers, and the business community? This question, or a subset or variant of it, was often put to me in the early 1980s when I told people that I was a computer lawyer. Three decades later, I often have a sense of dj vu as I seek to explain why cloud computing gives rise to legal and regulatory challenges of sufficient importance, novelty, and complexity that cloud computing law is worthy of attention as a specialist area of legal research, teaching, and practice. This should no longer surprise me, however, as along the way I encountered reactions ranging from bemusement to scepticism when I shifted my focus to encompass telecoms law (1984), Internet law (1994), and eCommerce law (1996). To be fair, when I moved on to cloud law in 2008, relatively few people had ever heard of the cloud, although many were already becoming reliant on cloud services unwittingly.

In one sense, the sceptics are of course right. Cloud computing, whereby computing resources are delivered as an online utility service, is in large part an evolution of existing technologies and business models, though there are some important differences as we will see in ). Moreover, as has been the case with regard to other aspects of computing, communications, the Internet, and eCommerce, legislators and regulators are already finding it difficult to resist the temptation to introduce sector-specific, and even technology-specific, rules to address particular aspects of cloud computing that they consider inadequately regulated.

This is not to say that the law should be static, nor that it is always inappropriate to introduce new rules in response to technological innovation or other developments. Finding the right balance can, however, be a significant challenge and this is a recurring theme in technology law discussions. As I wrote in the preface to a previous book (referencing Charles Dickens):

Even when it is not an ass, the law tends to be a rather slow moving animal. This intrinsic resistance to change is an ambivalent characteristic. In its favour, it must be said that the resultant continuity and certainty can be highly beneficial. Indeed, it is probably for these qualities more than any other that the law is invoked on a daily basis as a source of stability in social and economic relationships. Yet too much permanence in a highly impermanent world can be a recipe for friction and ultimately irrelevance.

Questions of how best to find an appropriate balance between certainty and flexibility, and between continuity and innovation, will resurface in this book. As we will see, while such issues may be intriguing at a theoretical level (to lawyers at least) they are often also of considerable practical importance.

The central objectives of this book are to assess how various key legal constructs and rules apply to cloud computing, both in theory and in practice, and to facilitate a debate about how the governance of cloud computing might be improved.

A word about the origins of this book. In 2008, soon after I had started to speak and write on cloud-related issues, Microsoft asked me whether I would be interested in leading a research project to assess the legal and regulatory implications of cloud computing. Along with my academic colleagues Chris Reed and Ian Walden, I was delighted to agree and in 2009 the Cloud Legal Project was launched in the Centre for Commercial Law Studies at Queen Mary, University of London. I will say more about the Cloud Legal Project in the Acknowledgements but for now suffice to say that four years down the line we have certainly not run out of issues to tackle. This book represents a synthesis of our findings to date but the field is developing rapidly and we are now analysing the impact of cloud computing in various other legal and regulatory contexts. I hope that we will be able to incorporate at least some of those additional topics in a future edition of this book.

In terms of the conceptual scope of our current discussion of cloud computing, space will not permit a detailed exploration of the many ways in which cloud technologies and services may be used, and the legal consequences that can ensue. It is, however, worth noting that cloud computing is already a key enabler for a wide range of new business models and for a plethora of services delivered via apps on mobile and other devices. Big Data analytics also make extensive use of cloud technologies and services. These are important topics but our focus in this book will be on cloud computing itself. Where we do refer to cloud-based applications, ranging from social networking to the delivery of government services, this will be primarily for illustrative purposes.

Given the current pace of developments in relation to cloud computing technologies and services, and in many aspects of the legal and regulatory environment, it is inevitable that some details at least will have changed by the time you read this. As we go to press, significant areas of uncertainty include the ongoing EU data protection reform saga and the implications of reports of massive and systematic access to data in cloud environments by governments and law enforcement agencies. Procurement and contracting arrangements for cloud services are also evolving rapidly. In the light of such volatility, we have given examples of current technologies and market practices while endeavouring to explore the principles of cloud computing law in a way that will remain relevant for some time.