Legal and regulatory barriers to the introduction of cloud services in the EU
ITU e-Learning Course
5 - 12 March 2018
The interest in cloud services has grown rapidly over the last few years. It is reported that public spending on the procurement of cloud services is estimated to have reached USD 107 billion by the year 2017. The rapid development of cloud services is driven by cloud characteristics, such as: elasticity, scalability, universal access, low entry cost, flexible and adjustable billing and easy metering.
On the other hand, moving business activity to the cloud is also subject to significant challenges and risks, such as, in particular, compliance, security, privacy as well as competition issues (including vendor lock-in). Those challenges and risks are mostly driven by lack of a uniform regulatory framework devoted to cloud computing activity, the complexity of service models and service delivery over the cloud, the low awareness of cloud computing service provisioning by both vendors and regulators due to, among other things, insufficient governmental information campaigns on the benefits and risks of cloud services.
The subject of this workshop is to discuss, from a practical point of view, the legal and regulatory barriers to the development of cloud services. During the workshop, the existing sources of law will be outlined and discussed from a national and international perspective, in the context of various, differentiating cloud definitions, cloud service models and different subject matter of such services. In addition, future regulations such as, for example, the General Data Protection Regulation and its impact on the cloud regulatory framework, will be discussed. The discussion will also encompass the practical and legal issues related to cloud standardization and the extent to which standardization may support, from a practical perspective, the legal framework related to the cloud environment. The workshop will also cover issues related to service procurement, including the contents of cloud contracts, Service Level contracts and the enforcement of such contracts. The risks connected with cloud contracts from the perspective of cloud vendors, including state and local government vendors and private vendors, cloud service providers and brokers as well as auditors, will be discussed. The workshop will also include a discussion on legal and practical issues involved in auditing cloud services, as well as issues related to legal and regulatory barriers connected with internet (cloud) access services.
The course is in particular addressed to: members of IT teams, sales and legal departments considering the procurement of cloud solutions, regulators, (in house) lawyers and anyone interested in cloud services.
At the end of the training, the participant should have gained an understanding
of the key aspects of:
- Cloud computing – phenomenon
- Sources of law relating to cloud computing
- The role of standardization in the development and provision of security measures aimed at protecting services offered in the cloud
- Different types of information as the subject matter of services delivered in the cloud
- The role of participants in cloud computing contracts and its legal aspects
- Legal and regulatory burdens related to the provision of services in the cloud
- Auditing the cloud – the aim, scope, results and benefits of an audit
- Enforcement of contracts for the provision of services in the cloud
- Access to cloud services and access barriers
- Application of cloud services to the local and state government
1. Description of the “cloud computing” – phenomenon; depiction of common characteristics in the light of a wide variety of different definitions
- Cloud computing – buzzword
- Common definitions of cloud computing
- Evolution of cloud computing
- Cloud computing vs. Grid computing
- Cloud computing vs. utility computing
- Cloud computing – NIST
- Atributes of cloud computing
- Characteristics of cloud computing
- Service Models
- Deployment Models
2. The role of participants in cloud computing contracts and its legal aspects
- Agreement on the provision of cloud services
- Cloud actors
- Cloud provider
- Cloud consumer
- Cloud auditor
- Cloud broker
- Cloud carrier
- Legal relationship between the cloud consumer and cloud provider
3. Sources of law relating to cloud computing in the context of the lack of specific regulations concerning cloud computing
- Sources of law relating to cloud computing
- A cloud contract
- The sources of law
4. Different types of information as the subject matter of services delivered in the cloud
- Processing of personal data in the cloud
- Personal data
- Sensitive personal data
- Data relating to criminal offences
- Anonymous data
- Processing of personal data
- Cloud provider as processor
- A conflict with controller’s instruction
- Failure to comply with the controller’s instructions
- Sub-processing in the cloud
- Confidentiality obligations of the processor
- Data security obligations
- Notification of data breaches
- Liability of processors
5. The role of standardization in the development and provision of security measures aimed at protecting services offered in the cloud
- Types of cloud standards
- Goals for standarisation
- Standards for cloud computing
- Legal charakter of standards
- Examples of cloud computing standards
- Open cloud computing interface
- Opinion 05/2012
6. Legal and regulatory burdens related to the provision of services in the cloud
- Reasons for legal/regulatory burdens for cloud services
- A cloud provider’s perspective
- A cloud consumer’s view
- Required actions
7. Auditing the cloud – the aim, scope, results and benefits of an audit
- The aim of cloud audits
- The scope of cloud audits
- Results of cloud audits
- Benefits of cloud audits
8. Enforcement of contracts for the provision of services in the cloud
- Choice of law governing cloud contrats
- Rome I
- Rome II
- Polish international private law
9. Access to cloud services and access barriers
- An Internet service – definition
- Legal character of Internet access services
- The role of cloud carrier
- Scarce resources
10. Application of cloud services to the local and state government
- Local/state government as cloud provider
- Case study – secondary school
- Barriers and drawbacks
- Final evaluation
An example of the course materials.
Andrzej Krasuski PhD, Legal advisor
Andrzej Krasuski holds a PhD degree in law and is a legal counsel (radca prawny) with twenty years of experience. He specializes in regulations referring to the telecommunications market, and in particular in telecommunications law, media law and personal data protection law. In his current work, he advises on complex matters regarding regulations on the telecommunications market (i.e. the imposition, change and lifting of regulatory obligations on specific telecommunications markets), co-operation between telecommunications companies, management of scarce resources, protection of data under telecommunications secrecy rules.
Another area of Andrzej Krasuski’s specialization is personal data protection and outsourcing. Andrzej’s experience includes, among other things, the optimization of data flow structures from a data protection point of view, single data protection verifications as well as complex and continuing compliance audits, legal assistance in preparation of documents evidencing the processing of data, and providing security for processed data. In addition, he has extensive experience in a broad range of aspects regarding international data transfers, including transfers beyond the European Economic Area. He has advised on various models of co-operation on the market, where personal data plays a key role. In addition, he has advised many clients on data protection in complex regulatory proceedings. He has experience in the implementation of SOX regulations and has advised on data protection aspects in FCPA proceedings.
In September 2015, the fourth edition of the Commentary to the Telecommunications Law in Poland, the author of which is Andrzej Krasuski, was published by Wolters Kluwer. He is the author of many other books and scientific publications on telecommunications, outsourcing and data protection subject, including inter alia: Umowa o świadczenie usług telekomunikacyjnych (Agreement for the provision of telecommunications services) (LexisNexis 2005), Outsourcing danych osobowych w działalności przedsiębiorstw (Personal data outsourcing in business operations) (LexisNexis 2010), Dane osobowe w obrocie tradycyjnym i elektronicznym. Praktyczne problemy (Personal data in traditional and electronic trading. Practical problems) (WoltersKluwer 2012).
He has extensive experience in proceedings before the President of the Office of Electronic Communications in Poland, Inspector General for Personal Data Protection and the President of the Office of Competition and Consumer Protection as well as the European Commission. Andrzej Krasuski has extensive experience in proceedings before administrative courts and universal courts on matters related to telecommunications activity and data protection matters.
Andrzej Krasuski was a partner in international law firms, heading for many years telecommunications and data protection practices. He combines his law practice with lecturing activity, co-operating inter alia with the National Institute of Telecommunications. He has been praised for many years in international rankings as one of the leading lawyers specializing in telecommunications law, media law and personal data protection law.
Course Date (Duration)
5 – 12 March 2018 (8 days)
E-Learning Course. The course methodology will be as follows:
- Each day from 5 to 12 March 2018 there will be made available two recorded video lectures, which are recorded in the face-to-face ITU Centre of Excellence workshop organised by National Institute of Telecommunications in Poland. In total there are 10 video lectures during the course.
- Discussion forum will be organized based on discussion topics given on a daily basis, where students are highly encouraged to participate and interact with instructors and other students.
- Quiz test will be assigned on the last day of the course, 12 March 2018.
- All announcements for all events (lectures, quiz and forum) will be given in a timely manner (prior to the event) by the course tutor.
At the end of the course participants will take part in a written test checking the level of knowledge gained during the training.
STEP 1 – Login into ITU Academy
In order to access this course you need to have a valid account in ITU Academy. First, you should login into the ITU Academy with your ITU Academy account via the login page: https://academy.itu.int
If you have no valid account in ITU Academy follow this steps: Registartion process
STEP 2 – Registration into this course
After login into ITU Academy, select the course „Strategic Aspects for Internet Governance and Innovations” by using the link:
Zaproszenie do udziału w szkoleniu 21-22 maja 2018 r. Szanowni Państwo, Serdecznie zapraszamy do udziału w szkoleniu "Montaż światłowodów i pomiary optotelekomunikacyjne" które odbędzie się w dniach 21-22 maja 2018 r, w Ośrodku Szkolenia Instytutu...
Zaproszenie do udziału w szkoleniu 8-9 maja 2018 r. Szanowni Państwo, Serdecznie zapraszamy do udziału w szkoleniu "Prawne i praktyczne aspekty wdrażania RODO" które odbędzie się w dniach 8-9 maja 2018 r, w Ośrodku Szkolenia Instytutu Łączności, w...
Zaproszenie do udziału w szkoleniu 9-11 kwietnia 2018 r. Szanowni Państwo, Serdecznie zapraszamy do udziału w szkoleniu "Wprowadzenie do lokalnych sieci komputerowych LAN", które odbędzie się w dniach 9-11 kwietnia 2018 r, w Ośrodku Szkolenia Instytutu...
Subskrybuj nasz Newsletter
Otrzymasz dostęp do darmowych materiałów szkoleniowych
i nie przegapisz żadnej z istotnych naszych inicjatyw.
Zaproszenie do udziału w szkoleniu 21-22 maja 2018 r. Szanowni Państwo, Serdecznie zapraszamy do udziału w szkoleniu "Montaż światłowodów i pomiary optotelekomunikacyjne" które odbędzie się w dniach 21-22 maja 2018 r, w Ośrodku Szkolenia Instytutu...czytaj dalej