Standardisation of cloud contracts in Europe: Coming soon to the US?
This blog post is for informational and educational purposes only. Any legal information provided in this post should not be relied upon as legal advice. It is not intended to create, and does not create, an attorney-client relationship and readers should not act upon the information presented without first seeking legal counsel.
In light of the disclosures by Edward Snowden, there has been a push towards transparency both from governments and from technology companies that have amassed data about the personal lives of citizens. While the call for increased transparency has been worldwide, the European Union has been at the forefront of advocating for change.
In addition to revising its Data Protection Directive, a topic that will be discussed in more detail in a future post, the EU also tasked a group of industry experts from companies like Amazon, Adobe, Google, Microsoft, IBM, and Oracle with standardizing the language of cloud computing contracts to make them more consistent and easier to understand.
As a result, on June 6, 2014, the European Commission’s Cloud Select Industry Group – Subgroup on Service Level Agreement (“C-SIG-SLA”) released its Cloud Service Level Agreement Standardization Guidelines (“Guidelines”). Part of the larger Digital Agenda for Europe, the stated goal of the Guidelines is to “improve the clarity and increase the understanding of SLAs for cloud services in the market, in particular by highlighting and providing information on the concepts usually covered by SLAs.”
As such, the Guidelines are a “set of principles that can assist organisations through the development of standards and guidelines for cloud SLAs and other governing documents.”
The Guidelines propose that SLAs should be drafted with an eye towards consistency across companies in a manner that is “business model and technologically neutral,” with unambiguously defined terms and with a broad variety of users in mind. In addition to these guiding concepts, the Guidelines suggest that topics such as encryption, logging and monitoring, privacy, availability (“up time”), termination processes, and breach response be addressed in sufficient detail to allow customers to make informed decisions about the cloud service providers and their services.
Neelie Kroes, the European Commission Vice-President, hailed the Guidelines as a step in the right direction, stating that “small businesses in particular will benefit from having these guidelines at hand when searching for cloud services.” As the initiative to standardize SLAs is based in the European Union, it remains to be seen what effect these Guidelines will have on American companies and their agreements.
Currently, the C-SIG-SLA is working with ISO (International Organisation for Standardisation) to present the “European position at the international level.” As such, the Guidelines, in whole or in part, may ultimately become international standards and will find their way into SLAs for engagements with hosting providers and their customers within U.S. This is only logical in that many U.S. cloud engagements in this age of globalization comprise data from beyond the United States.
Accordingly, if the Guidelines have the effect that the European Commission Vice-President believes that they will have, American companies will most probably conform to the principles established by the Guidelines for business reasons.
The post Standardization of Cloud Contracts In Europe: Coming Soon to the U.S.? appeared first on Gathering Clouds.