31 May 2012

Cloud Computing




31 May 2012 Oxford Internet Institute


CONCLUSIONS AND RECOMMENDATIONS
● In terms of policy instruments, the main concerns and risks related to cloud
computing can be divided into three main categories: legislative framework-related
(legal fragmentation; jurisdiction; compliance and liability; enforcement and
redress), contracts/terms and conditions-related (Service Level Agreements; End
User Agreements; privacy terms and conditions; clarity and transparency), and
standards-related (interoperability; portability; vendor lock-in).
● Relevant actions to promote and encourage further development of cloud computing
are already included in the programme for the Digital Agenda for Europe. Based on
the evidence collected in the framework of this study, actions in five areas could be
considered by EU policy makers:
1. Address legislation-related gaps, by fully harmonising data protection rules across
the EU; by addressing gaps related to cloud computing in other EU legislation; by
better protecting users regarding data disclosure by providers to law enforcement
authorities; by fostering global agreements on data protection standards; and by
providing collective redress against security and privacy breaches in cloud services.
Cross-border cloud services depending on a uniform intellectual property rights
regime would benefit from an increased level of harmonisation in this respect.
2. Improve terms and conditions for all users, by developing international best practice
models for contracts, or ‘model contracts’; and by ensuring complete transparency
by providing all terms and conditions in a very clear format.
3. Address stakeholder security concerns, by examining the feasibility of an
independent auditing and certification system for provider security systems; and by
extending to cloud services providers the applicability of some of the provisions that
apply to ISPs and mobile networks under the EU electronic communications
regulatory framework.
4. Encourage the public sector cloud, by developing systems of cloud-based
collaboration between public administrations across the EU and coordinating Member
States’ efforts; by promoting the adoption of cloud computing by EU institutions, as
well as its integration with the EU’s e-government plan; and by encouraging the
development of best practices in public procurement across the EU, including wide
use of open standards.
5. Promote further research and development in cloud computing, in particular
regarding: costs and benefits of conventional IT services versus cloud provision;
how EU legislative frameworks and international agreements fit current and future
cloud computing services scenarios; the economic impact and the environmental
impact of cloud computing; empirical research comparable across the EU 27 on
cloud computing user experiences, behaviour and risk perception; and cloud-based
awareness and resource exchange systems particularly to educate and exchange
best practices for SMEs and public authorities.
PE 475.104 81 Policy Department A: Economic and Scientific Policy
6.1 Conclusions
The purpose of this study is to provide a broad overview on cloud computing, and
specifically how it relates to consumers and EU digital single market goals, in terms of
benefits, related risks and policy challenges. Its aim is to provide background information
and advice for the Members of the European Parliament IMCO (Internal Market and
Consumers) Committee on priority measures and actions to be undertaken in this field. One
of the first challenges encountered during the research for this study was to find an
established, widely accepted definition of cloud computing. It does not denote a new
technology, but rather a new way of delivering computing services. Without a workable
definition, it can be a rather vague term with a multitude of meanings which can be as
broad as to encompass the whole of the Internet. We therefore adopted for this study the
NIST (the US National Institute of Standards and Technology) definition of cloud
computing, which - to paraphrase - refers to computing services and resources (such as
software programmes, remote file storage, etc.) that can be accessed from any device at
any time and from everywhere, regardless of geographic location, and that can be rapidly
scaled to a user’s need with minimum management effort.
Under this definition, there are certain benefits and risks that are inherent to the cloud
computing model, rather than apply to the online world as a whole. Other concerns
expressed strongly by stakeholders - mainly about privacy and security of data entrusted to
the ‘cloud’ - are related to the online world generally, but the cloud computing model
intensifies them, and generates a lack of user confidence and trust that can limit adoption.
Cloud computing has in recent years gained in importance and has climbed up on the EU
policy agenda because of its close links with the single market goal of achieving a stronger
and more competitive digital internal market, as outlined in the ambitious Digital Agenda. A
look into the potential benefits of this computing model justifies its perceived importance as
a tool for the single market as it can bring considerable cost savings and increased
competitiveness of IT services to public and private organisations. It also makes it possible
for small start-up businesses to enter the market without worrying about large investments
into IT infrastructures; therefore it is also one of the enablers for innovation and jobs
creation. Potentially too, it can be an effective tool for collaboration at the EU
intergovernmental level and for enhancing e-government services for EU citizens.
Consumers could also benefit from the greater convenience, flexibility and cost-saving
afforded by cloud services. These important benefits indicate the need to spur on its further
development in Europe.
We have identified a number of main specific concerns and risks, expressed by virtually all
those we interviewed, as well as widely acknowledged in the literature reviewed. They
relate broadly to issues concerning privacy, security, trust and quality of service. In terms
of policy instruments, these can be divided into three main categories:
● Legislative framework related: legal fragmentation; jurisdiction; compliance and
liability; enforcement and redress. Due to fragmentation of legal regimes within the
EU 27 Member States, and the fact that data centres and providers can be located
anywhere round the world, it is not generally clear which legal system is applicable
to a cloud computing service; there is difficulty in providing cloud services across
borders; and there is general confusion regarding rights and responsibilities related
to cloud computing services. Different Directives and Regulations may have different
liability provisions. Relevant legislation may also have important gaps in its
applicability to cloud computing services, given also that there is as yet no
established universal definition. Consequently there may be limited enforcement and
compliance, and difficulties in obtaining redress. The choice of laws may have
serious repercussions for European based SMEs since they may not be able to afford
the inconvenience and expense of enforcing their rights in another country or
continent. Particularly relevant legislation includes: the Data Protection Directive,[154]
and the related individual Member States’ laws regarding access to data stored in
the cloud (relevant for all stakeholders); the E-Privacy Directive[155] (relevant for all
stakeholders), the Unfair Commercial Practices Directive[156] (business to consumer
practices only), the Unfair Contract Terms Directive[157] (consumer contracts only),
and the e-Commerce Directive (relevant for all stakeholders).[158] Also very relevant
are various international agreements and guidelines, e.g. the Safe Harbour
agreement regarding data protection with the US, the OECD Guidelines for the
Protection of Privacy in Transborder Data Flows, and the OECD Security Guidelines.
● Contracts/terms and conditions related: Service Level Agreements (SLA); End
User Agreements (EULA); privacy terms and conditions and issues related to clarity
and transparency in disclosure. Due to uncertainties regarding applicable law and
jurisdictions, contracts are the main tools for establishing relationships between
cloud providers and customers. For consumers and the majority of business users of
public multi-tenancy ‘clouds’, they are ‘fixed menu’, rather than à la carte, with the
terms set by the providers. For SMEs not covered by consumer protection legislation
they are the only provision available. Large companies and public authorities may
have more clout to negotiate. Contracts may be lacking key terms or use unfair or
even illegal terms, are unclear and difficult to read and/or print, often apply out-of-EU
legislation resulting in difficulties to access redress, may have no readily
accessible complaints mechanisms, and many deny liability for loss of data and
other damage, and give no information regarding the location of data centres where
the customer data is stored.

154 Directive 95/46/EC. On 25 January 2012 the Commission published a proposal for a comprehensive reform of
the data protection rules, see Section 4.2.3 of this study.
155 Electronic Communications Privacy Directive, as amended by the Citizen’s Rights Directive 2009/136/EC.
156 Directive 2005/29/EC.
157 Directive 93/13/EEC.
158 Directive 2000/31/EC.
● Standards related: interoperability; portability; vendor lock-in. There is a risk of
further development of concentrated, incompatible cloud services. Profitability of IT
cloud services provision increases with  the number of users, so there are no
incentives for dominant providers to make their systems compatible with others and
thus open the doors to competition. This may have an impact on cost reductions and
innovation across the whole of the EU economy. Lack of interoperability also creates
the risk of lock-in for customers particularly when there is no mechanism to export
large amounts of stored data. It may also preclude effective inter-governmental cooperation on the EU level, including in the delivery of e-government services.
Standardisation, including use of open standards, is the most important tool for
achieving interoperability; there are currently many standardisation efforts, though
they are not as yet necessarily converging.
If not addressed, these issues can be a barrier to future adoption of this IT model,
particularly by SMEs and public authorities where take up so far has been limited. The
‘cloud’ for individual consumers is much more developed and used by many millions of
people, nevertheless there are risks there too, related to information asymmetries and
potential individual detriment. Further, lack of adoption by SMEs can also have an impact
on new Europe-generated innovative services for consumers.
