Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Bloomberg about Saudi Arabia’s draft cloud computing regulations. The article analyzes the draft regulations and their potential impact on
Oregon became the first state to adopt the Revised Uniform Fiduciary Access to Digital Assets Act (“Revised UFADAA”) when Governor Kate Brown signed Oregon Senate Bill 1554 into law on March 3, 2016. The law will become effective on January 1, 2017.
Traditionally, a person’s most valuable assets to be distributed upon death consisted of tangible items such as real property, cash, jewelry and personal effects of sentimental value like photographs and letters. However, the advent of the digital age has brought a shift from file cabinets, mailmen and photo albums to cloud storage, e-mail accounts and online photo streams. Today, virtually everyone has at least some assets that are not physical, but are stored as data and accessed via the Internet. “Digital assets” may include, for example, text messages, instant messaging accounts, e-mails, documents, audio or video images and sounds, social media content, health insurance records, source code, software, databases, online bank accounts, blogs, and the user names and passwords necessary to access online accounts, among other things. More specifically, consider a person’s PayPal or Venmo accounts, which might contain large sums of money, or Google, Yahoo, Facebook or Instagram accounts, which might contain letters, pictures, videos and other items of intrinsic value. The steady growth of most individuals’ online presence has given rise to a novel legal issue – authority over administering the digital assets and accounts of an account holder upon death or disability.
A substantial rise in schools’ use of online educational technology products has caused educators to become increasingly reliant on these products to develop their curricula, deliver materials to students in real time, and monitor students’ progress and learning habits through the collection of data by third-party cloud computing service providers. Unfortunately, with these advances come the data security concerns that go hand-in-hand with cloud computing—such as data breaches, hacking, spyware, and the potential misappropriation or misuse of sensitive personal information. With the Family Educational Rights and Privacy Act (FERPA)—federal legislation enacted to safeguard the privacy of student data—in place for four decades, the education sector is ripe for new standards and guidance on how to protect students’ personal information in the era of cloud computing. California has tackled this issue head on, with the passage of two education data privacy bills by its legislature on August 30, 2014. Senate Bill 1177 and Assembly Bill 1442 (together, the Student Online Personal Information Protection Act (SOPIPA)) create privacy standards for K-12 school districts that rely on third-parties to collect and analyze students’ data, and require that student data managed by outside companies remain the property of those school districts and remain within school district control.
In April, Microsoft tried to quash a search warrant from law enforcement agents in the United States (U.S.) that asked the technology company to produce the contents of one of its customer’s emails stored on a server located in Dublin, Ireland. The magistrate court denied Microsoft’s challenge, and Microsoft appealed. On July 31st, the software giant presented its case in the Southern District of New York where it was dealt another loss.
It has been reported that Google will give EU businesses the opportunity to store personal data exclusively on servers in the EU. This appears to have been prompted by compliance difficulties with the current EU data protection Directive when cloud computing service providers store personal data on servers or in data centres based outside the EU. Such compliance difficulties encountered by cloud clients were highlighted by Peter Hustinx, the European Data Protection Supervisor (EDPS), in his opinion issued on November 16, 2012 (http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-11-16_Cloud_Computing_EN.pdf).
Concurrent with the European Commission’s recent release of a new strategy to “unleash the potential of cloud computing in Europe,” the French Data Protection Agency (CNIL) issued 7 recommendations to assist companies to comply with French law when using cloud computing services.
Cloud computing is already revolutionizing the way companies operate their businesses, in particular in the way they store and process information. But before you jump into the cloud, you may want to pause to consider your options.