Legal restrictions on cloud computing abroad

Institute of Policy and Economics, Ministry of Industry and Information Technology, Li Haiying

This April, the vice chairman of the European Commission, Lie Cross, said that cloud computing is critical to the development of Europe and that some work is now needed, first of all on the legal framework: "It clearly has an international dimension, including data protection and privacy protection, and including the distribution of jurisdiction, legal liability and consumer protection." Cloud computing has been accompanied by legal controversy since its birth, and many countries have begun to discuss how to regulate it by law, whether by applying existing data protection and privacy laws or by making targeted new laws.

The first issue is cross-border delivery. Cloud computing differs from traditional outsourcing services mainly in that data is stored and delivered over the Internet: the owner of the data cannot control, or even know, where the data is stored, and data flows globally, across borders and across time zones. The key legal problem is that it is difficult for anyone to know where data is shared and transmitted. Data is transmitted across borders instantaneously and globally, each country has its own laws and regulatory requirements, and providers of cloud services are clearly unable to comply with the laws of all the countries involved. This poses a challenge to legal obligations under the jurisdiction of states.

The European Union adopted the Data Protection Directive in 1995 (the directive of the European Parliament and of the Council of October 24, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data), commonly referred to as the "general directive". Its most important provision for cloud computing is that, in the absence of a specific commitment mechanism, the EU prohibits the transfer of personal information of EU residents to the United States and most other countries in the world.

What does this mean for cloud computing? If you want to put data containing personal information about EU residents in the cloud (such personal information may be as simple as an email address or employment information), and doing so transfers the data from the EU to almost anywhere else in the world, you cannot simply throw the data into the cloud. You need to meet at least one of the following conditions:

  • International safe haven certification (Safe Harbor certification), which allows data to be transferred from the EU to the United States, but not to other countries.

  • Format contracts, which allow data to be transferred from the EU to countries other than the United States. Because cloud computing involves multiple levels of supplier relationships, however, format contracts are not always valid.

  • Binding corporate rules (rules for the cross-border transmission of personal information by transnational corporations and international organizations under EU data protection law). These rules are designed specifically for multinational companies and therefore do not necessarily work for cloud service providers.

In order to implement the EU directive, each Member State has also enacted corresponding laws. Under the German data protection law, for example, a company that uses cloud computing must take the necessary measures to protect the integrity and security of personal data, regardless of whether the cloud service provider is located in the EU.
For example, a company must sign a contract with its cloud computing service provider in accordance with the relevant provisions of the data protection law; companies that do not comply with these laws will face fines and civil proceedings.

Next is the issue of data protection and privacy. The relationship between cloud services and national data protection and privacy laws is a topic of great concern at present. In the United States, it involves the Patriot Act, the Sarbanes-Oxley Act, and the protection of sensitive information. The Patriot Act authorizes U.S. law enforcers to access anyone's personal records without that person's permission, with the approval of a court, for counter-terrorism purposes. This means that if you use a server located in the United States, or a cloud computing service provider located in the United States, U.S. law enforcers can, for the purpose of a counter-terrorism investigation, check your data without your permission by obtaining a court order. Canada has a similar provision: its Anti-Terrorism Act (ATA) and Defence Law (National Defence Act, NDA) give the defence minister the power to check data preservation. Section 326 of the Patriot Act also requires all financial institutions (including credit card companies) to obtain, certify and record information on accounts, changes and payers in each account. The Sarbanes-Oxley Act also provides a legal basis for data protection: companies subject to the Sarbanes-Oxley Act must ensure that their suppliers comply with its requirements when using cloud computing services. In addition, the issue touches laws for different sectors, such as finance and health, as well as laws for different types of sensitive information, such as children's data.
Federal laws in the United States include the Financial Services Act (Gramm-Leach-Bliley), which applies to data protection by financial institutions; the Health Insurance Facilitation and Accountability Act (HIPAA), which applies to health service providers and other health-related entities; the Online Privacy Protection Act for Children (COPPA), which applies to data collected from children younger than 13 years old; and so on.

Third, regulation by contract is difficult. Usually, a service provider and its customer regulate their respective rights and obligations through a contract. However, until cloud computing establishes standard and trusted procedures, it is difficult, even impossible, for users of cloud services to obtain protection through contracts. Flexible, easy-to-use services and easily shared infrastructure are the advantages of cloud computing, but the way cloud computing is used creates many security problems. Companies offering cloud computing are unlikely to make contractual commitments on security in their contracts with customers, because the data is out of their control and they cannot even tell customers where it is located. If a cloud-computing provider is required to make a commitment and incur additional obligations in a contract, it is likely to disrupt the cloud's pricing model and make it more advantageous.

The legal problems posed by cloud computing have challenged countries around the world, and the BlackBerry restrictions have been reopened in some countries. For example, France requires the government not to use the BlackBerry because all mail is routed through the United States and is easily seen by the U.S. Department of Homeland Security. In India, in an effort to stop the government's ban on the use of BlackBerry equipment, RIM has worked with the government to address national security and user privacy issues.

Cloud computing providers are also working on this.
According to the New York Times, HP, Microsoft, Google and Oracle are all looking for ways to solve the problem. For example, researchers in HP's UK labs are trying to encrypt data before it is sent to the cloud center and then decrypt it after it leaves the cloud. Another solution is to give individuals the ability to digitally label data so as to control each part of their personal information in the cloud. The companies are also lobbying lawmakers to loosen restrictions so that companies can develop cloud computing within the boundaries set by regulators.

The legal issues arising from cloud computing are global. In the future, in addition to the laws and regulations of countries within their respective jurisdictions, legislative efforts at the international level may be more conducive to the development of cloud computing and to security protection.

Author: Li Haiying, Deputy Director of the Department of Legal Supervision, Institute of Policy and Economic Research, Ministry of Industry and Information Technology. Main research areas: telecommunications legislation, Internet laws and regulations, WTO rules and the opening of the telecommunications market.