Home > Uncategorized > Law & Policy in the Cloud: A Murky Forecast

Law & Policy in the Cloud: A Murky Forecast

Tomorrow, the FCC will announce its broadband plan, designed to catapult the United States into a fully wired (or wireless) society.  If successfully executed, the plan will created millions of well paying jobs – in infrastructure, and in services to support a new online ecosystem.  Information and data reaped from broadband activities will continue to transform products and services.  In about a decade, broadband – not the telephone – will serve as the communications backbone of our nation.

To achieve this goal however, we need to have laws and regulations that dictate how broadband is built, accessed and delivered.  Surprisingly, the FCC’s jurisdiction to regulate broadband is in question – and a final determination on this answer could take years, possibly decades of litigation.  In addition, there is continued regulatory uncertainty around the use of the data that is intended to flow across these vast broadband networks – particularly data that is stored away from the user’s desktop and in the cloud.

Indeed, the current state of law and policy – particularly as it relates to cloud computing – is definitely murky.  That was the consensus of most experts at a terrific conference hosted last Friday by Berkeley’s Center for Law & Technology entitled Emerging Law & Policy Issues in Cloud Computing. A threshold question, echoed by both Rich Sauer of Microsoft and Michele Dennedy of Sun, is which jurisdiction’s laws should apply to data stored in the cloud.

The inherent, “multi-tenant resourcing” nature of cloud computing provides the incredible efficiency gains that are driving business to the cloud today.  It also means that your data may be stored and transacted on a US server – or a server located outside of the US.  It’s hard to know exactly where the data is at any given moment. This poses some definite problems, particularly when you consider the divergent nature of the global laws governing data privacy and security.

Earlier this month, for instance, the German constitutional court struck down a 2008 law that required retention of certain information for law enforcement purposes (including the deterrence of terrorism) on the basis that it conflicted with Germany’s Constitution.  As Professor Thomas Fetzer of the University of Mannheim explained, the concept of human dignity is paramount under the German Constitution and trumps all other laws (including that of the European Union or other European countries). Under this formulation, an individual must be able to control his or her data at all times.  On the other end of the spectrum there’s China, which has warned of “consequences” for Google or any other company that does not filter search data.

Choice and transparency have emerged as two best practices for cloud companies. As companies encourage users to store their most valuable data – medical, financial, etc. – in the cloud, the choice of where that data sits will become even more important for jurisdictional purposes.  But as we also know, consumers today have limited knowledge about what data is being gathered about them and how that data is being used.  It’s hard to exercise choice when you don’t know what it exactly it is that you are choosing.

So what’s the next step for cloud companies that want to stay competitive in this space but also not run afoul of laws and regulations?  I think there are at least two opportunities that companies should be supporting:

Opportunity #1: Educate your Consumer

Since most consumers don’t know how data about them is collected, manipulated and stored, there appears to be a great opportunity for companies and regulators to join forces and resources to educate consumers about the issue.  The recent German action alluded to above, was brought – not by a competitor – but by a class of over 35,000 German consumers.  Unless consumers understand the benefits of how data can transform our commercial, personal and human experiences, it will be hard for cloud companies to press for relaxed regulations on data privacy and security issues.  An upcoming opportunity may present itself in the “digital literacy corps” that will be proposed in the FCC’s Broadband Plan tomorrow.

Opportunity #2: Advocate for Baseline Guidance

It’s clear that there are wide gaps between US laws and the laws of other nations when it comes to cloud computing.  That said, there appear to be some common principles – gleaned from the EU Data Privacy Protection Act and certain FTC guidances for example – that could define how companies provide notice to consumers, regardless of which jurisdiction in which they sit. In fact, the FTC could set up an advisory process – similar to what is already seen under the Children’s Online Protection Act, to provide a safe harbor and incentives for companies that put resources into this type of activity.

The cloud is definitely here to stay and it’s likely that the laws of the physical world will continue to struggle with its non-physical contours.  Remaining competitive in the cloud is important for any company doing business today – particularly as web technologies transform traditional industries.  Regulatory considerations are an important part of that competitive matrix.  Also important is being upfront with consumers about what type of data is being gathered and how it will be used.  It’s a great opportunity – to shape perceptions about an important computing trend that is transforming our lives, while also advocating for the types of laws and regulations that will preserve the innovation that continues to be a hallmark of the cloud space.

What could be more clear?

Advertisements
Categories: Uncategorized Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: