Understanding where a file goes when you save it to your PC is a fairly simple concept. It lives on your hard drive in a set of folders that you have most likely created and organized yourself. Those files are only stored on YOUR computer, in your home or office, under your control. What about saving files onto the cloud? Where do those files go? Who controls them? Who 'owns' the data? Who owns the cloud? Whose cloud is it anyways?
To understand who owns the cloud, you have to start with a basic understanding of what the cloud actually is. At the most basic level, the cloud is a network of connected servers. When you save information to these servers you are able to access your data from any computer that is connected to the clouds network. Data can also move from server to server 'through the cloud' without the need to download then upload large chunks of data.
The concept of the cloud is one that has been developing over the past 50 years. The idea was introduced in the sixties by J.C.R. Licklider, who was responsible for enabling the development of ARPANET (Advanced Research Projects Agency Network) in 1969. His vision was for everyone on the globe to be interconnected and accessing programs and data from any site anywhere. This later became the basis of what we now know as the internet. The term “cloud computing” however was not coined until the late 90s and early 2000s as it started to became available to the masses.
Keep in mind that “the cloud” is not just a few servers either. Data is stored in very large warehouses that are managed and guarded by companies like Google, Apple, and Dropbox. Yes, the cloud is a real physical and tangible storage facility (not in the sky).
The cloud is complicated in nature because there are multiple parties involved rather than just one in the case of local storage. If you give your data to a cloud provider, your cloud provider can outsource its work to another storage or process provider, so who is responsible if your information is lost or damaged?
Ownership rights are generally covered by three areas of law—copyright, confidentiality, and contract. Copyright grants the creator of an original work exclusive rights for its use and distribution. Confidentiality, are contracts entered into by two or more parties in which some or all of the parties agree that certain types of information that pass from one party to the other or that are created by one of the parties will remain confidential. A contract is a voluntary arrangement between two or more parties that is enforceable at law as a binding legal agreement. However, the implementations of these laws are all dependent on the country where your data is being stored. If your data is created in one country and stored in another the rules that apply become skewed.
There are two types of data in the cloud. Data created outside the cloud and data created within the cloud. You can safely assume that data created outside the cloud belongs to the creator, under copyright laws. Conversely, ownership of the data created IN the cloud either by the customer or the provider is not so clear-cut. You need to be conscious of the service agreement language between you and your cloud provider.
Moving forward, well-established cloud vendors are beginning to construct their service agreements to include the privacy of your data. For example, Section 3.2 of the Amazon Web services customer agreement states:
“We will not (a) disclose Your Content to any government or third party or (b) subject to Section 3.3, move Your Content from the AWS regions selected by you; except in each case as necessary to comply with the law or a binding order of a governmental body. Unless it would violate the law or a binding order of a governmental body, we will give you notice of any legal requirement or order referred to in this Section 3.2.”
There are advances being made towards the security and privacy of data stored in the cloud. So long as customers continue to strive to protect their intellectual property rights, smart cloud providers will listen and respond.
Depending on the sensitivity of your data and how it’s processed in the cloud it may be necessary for you to negotiate the contract language between you and your provider.
To keep up to date on legal issues surrounding use of the cloud check out this great resource at the Cloud Legal Project