Most Read Contributor in South Africa, September 2016
Although there is no generally accepted definition, the term
"cloud computing" is generally used to refer to the
provision of computing services (such as processing and storage of
data) over a network of remote servers hosted on the internet
rather than a physical local server or a personal computer.
Enterprises (medium to large) across the globe are embracing
cloud computing, no doubt as a result of the cost benefits gained
from spend on technology infrastructure, and reduced support and
maintenance costs. In addition, there are other benefits available
to businesses such as storage capacity and faster deployment of
business systems. However, the use of cloud services presents equal
challenges to users, such as data loss, lack of customisation
offered by service providers and severe limitations of liability by
Data protection remains one of the major concerns relating to
the use of cloud services, often creating a stumbling block for
those enterprises that wish to move to the cloud. With the advent
of the Protection of Personal Information Act, 2013
("POPI"), there are added legal risks to
companies that process personal information either by themselves or
through third parties.
Historically, service providers for ICT services have sought to
exclude liability for consequential/indirect damages with
exceptions for losses arising from intellectual property
infringements and breaches of confidentiality. These exceptions
were generally negotiated between the service provider and the
consumer of services. However, as service providers now generally
insist on the use of their standard service provider contracts in
which they have to back-off the obligations imposed on them down
the cloud supply stream, there is little room for consumers to
negotiate the terms of these contracts.
An assessment of the advantages and disadvantages of cloud
computing services is an important one, however before making the
decision to move to the cloud, enterprises should consider the
following legal aspects:
Identify data processed
by the company: A comprehensive data assessment is an
important first step as it enables companies to determine their
level or exposure to risk and the potential losses that are likely
to be suffered due to unauthorised access, loss or damage to the
company's data. Cloud service providers generally limit their
liability for direct damages to the fees paid or payable under the
contract. In practice, the losses suffered by companies for
breaches of data protection obligations exceed such capped amounts
and often result in indirect damages. An evaluation of the
limitations and exclusions of liability will be pivotal.
Assess the service
provider's obligations under the agreement:
Although no IT system is one hundred percent fail-proof, any
enterprise that intends to move to the cloud needs to ensure that
there are adequate protection measures in place to protect loss of
its data. These include data back-up and restoration measures,
industry standard organisational and technical measures, as well as
having a comprehensive service level agreement in place.
location: POPI prohibits cross-border transfer of
personal information except under certain exceptions, including
where the third party is subject to a law which provides adequate
protection. Cloud-based services are commonly located in India,
Japan and the US which have different data protection regimes to
POPI, which is modelled on European data protection legislation.
Added to this, some enterprises may face regulatory restrictions
where processing of data is concerned, this particularly being the
case for those business that operate in the financial,
pharmaceutical or other highly regulated industries.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
There has been much discussion in the media regarding the use of virtual private networks (VPNs) in the United Arab Emirates (UAE), triggered by the recently announced Federal Law No. (12) of 2016 (the Amendment), which amends Federal Decree-Law No. (5) of 2012 on Combating Cybercrimes (the Law).
Google, Facebook, Twitter, WhatsApp, Zynga, Airbnb, Uber etc etc. These are all companies that have come from nowhere and are now market leaders in an increasingly mobile and digital world.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).