Facing Risks and Building Trust: Grid and Cloud Adopters and Providers from a

Legal Perspective

Davide M. Parrilli ICRI – K.U. Leuven – IBBT

time.lex Brussels davide.parrilli@law.kuleuven.be

Business Experiments in GRID2

Introdution

Lawyer: a person who is very good in indicating problems and

who is very bad in proposing solutions to these problems.

Often true, but not always – but in this presentation we’ll talk about

open issues without solution (yet). Need for open discussion

between scientists, practitioners and policymakers.

Business Experiments in GRID3

Risks and Trust (I)

Grid and Cloud computing are not riskless, mainly due to its transnational nature:

•User, service provider and technology provider may be established in different countries;

•Hardware resources (datacenters) may be dispersed in different countries.

Business Experiments in GRID4

Risks and Trust (II)

In pure national scenarios (all previous elements in one country) there are of course less issues and problems

– one set of laws applies with no potential conflictsone set of laws applies with no potential conflicts.

But still some issues arise: e.g. liability for not-delivery of the services, damages for security failures – are

courts able to solve these disputes??

Business Experiments in GRID5

Risks and Trust (III)

Consumers are more protected by applicable laws and by courts: the SLAs with them cannot be too unbalanced in

favor of the provider.

Users: consumers and businesses.Users: consumers and businesses.

Consumer: who uses the Grid or Cloud (and/or the services provided

in a Grid or Cloud environment) purely for personal purposes – professional use is excluded!

Business Experiments in GRID6

Risks and Trust (IV)

Businesses are basically not protected.

Tips: as end user, read always first the SLA!

The same applies when service providers buy Grid/Cloud services

from a technology provider.

Usually the technology provider will shift risks and liabilities to the service provider and the latter will

shift them to the end user.

Business Experiments in GRID7

Risks and Trust (V)

Critical issues: security and liability – if the SLA does not face and solve them adequately it is difficult to

build trust towards service and technology providers.

What to do? Industry itself should realize that better contracts are in the interest of everybody – it doesn’t

mean less profit bur rather more investments!

Business Experiments in GRID8

Google’s powers (I)

A step further: what are big service and technology providers becoming?

I.e.: some of the companies that use and develop Grid and Cloud computing are acquiring a huge economic

and social power – the Google case.

Should we be afraid of this phenomenon?

Business Experiments in GRID9

Google’s power (II)

What is Google?

A.A company providing services, technology, information, etc etc.

B.A new country without atomic bombs but very

powerful;

C.A new God.

Business Experiments in GRID10

Google’s power (III)

The right answer is…no idea!

Google has an impact on the way people think,

operate, work and live. It generates and affects the

knowledge and the information that people

have.Quid from the legal point of

view?

Business Experiments in GRID11

Google’s power (IV)

Google can (reasonably?) think that it is above the law – btw, all lawyers use Google to find

laws and decisions…

For the very fact that Google operates at global level, it is subject to a huge amount

of laws and regulations.

Business Experiments in GRID12

Google’s power (V)

Case: Criminal investigation in Milan, Italy – the prosecutor ask Google to disclose data relating to access of

Gmail accounts by Google’s clients.

Answer: no way! The management of Google decides what data (and to

whom) can be disclosed, even when the life and safety of people are in danger.

Business Experiments in GRID13

Google’s power (VI)

Behavior to criticize: the laws are supposed to protect the interests of the collectivity, especially

when a criminal investigation and trial are involved.

Laws (should) follow a democratic process;

Google’s decision not.

Business Experiments in GRID14

Google’s power (VII)

But…respecting all applicable laws for Google is a huge cost and often it is

simply not possible.

E.g.: Italian law sets forth certain obligations about retention of users’ data – other laws may set different

rules . Which rules shall Google follow??

Business Experiments in GRID15

Google’s power (VIII)

Possible answersPossible answers:

• The law of the country of incorporation of the company shall be always applicable: not

implementable (incorporation in ‘law heavens’);

• The law of the country where the Cloud components are located shall be always applicable: not implementable (and not

accepted by E-Commerce Directive);

Business Experiments in GRID16

Google’s power (IX)

• The law of the country of the recipient of the services or where the services are enjoyed applies: probably the best solution (but in the EU, e.g. in the banking and financial sector, ‘home state’ principle applies –

possible in geographical areas with harmonized rules or similar standards).

Business Experiments in GRID17

Google’s power (X)

Solutions: harmonizationharmonization at global level of rules that apply to transnational providers of

information – rules for traditional media are not applicable!

There is no unique place where the content is created and stored, and there are many place

where access to the content takes place.

Business Experiments in GRID18

Google’s power (XI)

Similar (and very important) issue: taxationtaxation.

All countries would probably like to tax locally the profits

generated by Google as much as possible.

Problem: how is it possible to calculate the profits generated

by Google country per country?

Business Experiments in GRID19

Google’s power (XII)

Risk to tax the profits arising from the services supplied via Cloud

infrastructures many times (in all countries where Cloud

components are located) or never (thanks to a careful tax planning

policy).

Business Experiments in GRID20

Conclusions (I)

Grid/Cloud computing and the supply of everything as a service (including knowledge and information) is

changing the business reality and the mentality of people. The effects of the Grid/Cloud technology, and the way it is deployed, are huge and cannot simply be analyzed and approached with traditional instruments.

Business Experiments in GRID21

Conclusions (II)

Do we live in a world without borders? Sometimes yes, and Grid/Cloud computing is a perfect example – but

laws and standards are still based on borders.

(Btw, Google knows borders too – those imposed by China. Maybe is Google weak with the strong and

strong with the weak?)

THANK YOU

© BEinGRID Consortium