This paper was presented at the Institute for Global Law and Policy 5th Conference (Harvard University, June 3 – 4, 2013)
What happens in the Cloud stays in the Cloud, or why the Cloud’s architecture should be transformed in ‘virtual territorial scope’ Gabriela Zanfir*
Abstract The most common used adjective for cloud computing is “ubiquitous”. This characteristic poses great challenges for law, which might find itself in the need to revise its fundamentals. Regulating a “model” of “ubiquitous network access” which relates to “a shared pool of computing resources” (the NIST definition of cloud computing) is perhaps the most challenging task for regulators worldwide since the appearance of the computer, both procedurally and substantially. Procedurally, because it significantly challenges concepts such as “territorial scope of the law” - what need is there for a territorial scope of a law when regulating a structure which is designed to be “abstracted”, in the sense that nobody knows “where things physically reside”1? Substantially, because the legal implications in connection with cloud computing services are complex and cannot be encompassed by one single branch of law, such as data protection law or competition law. This paper contextualizes the idea of a global legal regime for providing cloud computing services, on one hand by referring to the wider context of global governance and, on the other hand, by pointing out several solutions for such a regime to emerge.
Key words: cloud computing, data protection, global governance, territorial scope
* PhD candidate, Assistant Researcher, Faculty of Law, University of Craiova. This work was supported by the strategic grant POSDRU/CPP107/DMI1.5/S/78421, Project ID 78421 (2010), cofinanced by the European Social Fund—Investing in People, within the Sectoral Operational Programme Human Resources Development 2007–2013. The author would like to thank the participants to the Institute for Global Law and Policy 5th Conference (Harvard University, June 3 – 4, 2013) for their comments on a first draft of this paper. 1 Chris Witt, HIPPA v. the Cloud, Managed Care Outlook, August 15, 2011, p. 10.
1 Electronic copy available at: http://ssrn.com/abstract=2409006