Regulatory Developments

Last updated: 
5 days 6 hours ago
Blog Manager
Log in to request membershipHide blog description
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Recent members:

Cloud Computing and Law Toolkit

Wednesday, June 6, 2012 - 11:02

The JISC Legal Information Service have published a toolkit on the legal issues that should be considered by universities and colleges when planning to use external cloud computing providers, including Data Security, Jurisdiction, Confidentiality, Freedom of Information, Intellectual Property Rights, Equality and Accessibility, and Contracts. The organisation's legal duties are unlikely to change significantly as a result of adopting a cloud approach, but the measures it needs to take to ensure compliance with those duties may be very different. The toolkit comprises an Introduction, further papers dealing with specific issues for IT, Senior Management, Users and a paper on Cloud Contracts. The papers provide comprehensive and accessible coverage of the issues, with helpful Key Points for organisations to include in their planning and links to sources of more legal detail.

The toolkit notes that many of the legal issues are similar to those for any other outsourcing activity, while also commenting that clouds' extensive use of standard contracts and international provision of services challenge some of the law's current assumptions about how compliance can be ensured. Data protection principles on security and international transfers (principles 7 and 8 of the Data Protection Act 1998) are highlighted as particular areas where current law and cloud arrangements may not fit comfortably and where adaption of both may be required. Until this occurs, and until there is case law on issues such as jurisdiction, cloud services will inevitably involve some legal uncertainty.

Even in the present state of law and clouds, however, the toolkit considers that "there are no legal issues which constitute an outright bar to the adoption of a cloud computing solution". It expects future developments in both the law and cloud provision, particularly the adoption of standards, to make the requirements clearer for both cloud providers and users and to make it easier to decide which applications are, and which are not, suitable for implementation on particular cloud systems.

Cloud computing
Data Protection Act
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo