Challenges of IP protection in era of cloud computing
1. Assignment - 2
Challenges of IP protection in era of cloud computing
Submitted by
Mohammed Naseer Khan (1226114117)
Submitted to
Dr. Lakshmi Priya. A
Faculty
Gitam School of International Business
2. 1. Introduction:-
A new generation of technology is transforming the world of computing. Internet-
based data storage and services—also known as “cloud computing”—are rapidly
emerging to complement the traditional model of software running and data being
stored on desktop PCs and servers. In simple terms, cloud computing is a way to
enhance computing experiences by enabling users to access software applications
and data that are stored at off-site datacenters rather than on the user’s own device
or PC or at an organization’s on-site datacenter. E-mail, instant messaging,
business software, and Web content management are among the many applications
that may be offered via a cloud environment. Many of these applications have been
offered remotely over the Internet for a number of years, which means that cloud
computing might not feel markedly different from the current Web for most users.
(Technical readers will rightly cite a number of distinct attributes—including
scalability, flexibility, and resource pooling—as key differentiators of the cloud.
These types of technical attributes will not be addressed here because they are
outside the scope of this document.) Cloud computing does raise a number of
important policy questions concerning how people, organizations, and
governments handle information and interactions in this environment. However,
with regard to most data privacy questions as well as the perspective of typical
users, cloud computing reflects the evolution of the Internet computing experiences
we have long enjoyed, rather than a revolution. Microsoft recognizes that privacy
protections are essential to building the customer trust needed for cloud computing
and the Internet to reach their full potential. Customers also expect their data and
applications stored in the cloud to remain private and secure. While the challenges
of providing security and privacy are evolving along with the cloud, the underlying
principles haven’t changed—and Microsoft remains committed to those principles.
3. We work to build secure systems and datacenters that help us protect individuals’
privacy, and we adhere to clear, responsible privacy policies in our business
practices—from software development through service delivery, operation, and
support. Enterprise customers typically approach cloud computing with a
predefined data management strategy, and they use that strategy as a foundation to
assess whether a given service offering meets their specific needs. As a result,
privacy protections might vary in different business contexts. This is not new or
unique to the cloud environment. Ultimately, we expect the technology industry,
consumers, and governments to agree on baseline privacy practices that span
industries and countries. As that consensus view evolves, Microsoft will remain an
active voice in the discussion—drawing on our extensive experience and our
commitment to helping create a safer, more secure Internet that enables free
expression and commerce.
4. Cloud computing:“Cloud computing” refers to Internet-based computing that
allows organizations to access a pool or network of computing resources that are
owned and maintained by a third party via the Internet.
Cloud computer user: A customer or user may be an individual, a business, a
government agency or any other entity.
Cloud service provider: An organization that offers a cloud computing service. A
cloud provider may be an individual, a corporation or a business, a non-
government agency or any other entity.
Third party: A cloud service provider is one type of third party, which maintains
information about or on behalf of another entity.
Personal data: Privacy rules define the term "personal information" as any
information that relates to a natural person, who either directly or indirectly, in
combination with other information that is available or likely to be available to a
corporate entity, is capable of identifying such a person.
Privacy: It means free from the interference from others. Privacy control allows
the person to maintain varying degrees of intimacy. It helps in protecting love,
friendship and trust.
2. Review of Literature:-
As noted in the Seminar of "Cloud Computing and the Future of Copyright Law"
conducted by the General Administration of Press and Publication and the National
Copyright Administration, cloud computing is leading information industry to a
new stage. However, copyright protection confronted by this new technology
remains inadequate.
"If you are enjoying such third-party information services as MySpace, Face book,
Hotmail and Gmail, you have accessed cloud computing." Experts noted that a
series of intellectual property issues will arise in cloud computing system. As for
individuals, does it constitute copyright infringement when users do not purchase
software but to download them? Will users get involved in the infringement of
cloud service? As for companies, will it involve trade secrets as companies'
information is stored in cloud terminals? Are users equal to companies upon the
5. security of cloud terminals? If cloud service is provided to related departments as
required by the government, does it constitute disclosure of secrets?
Cloud computing brings new opportunities to Internet industry, software industry
and copyright industry, but also changes the licensing of software and digital
works. Intellectual property issues, especially the problems on copyright, have thus
become new challenges to the legal system, licensing, usage as well as the revision
of copyright law.
As a part of the 7th China (Shenzhen) International Cultural Industries Fair, the
Seminar of Cloud Computing and the Future of Copyright Law as a
communication platform for industrial circles and academic circles attracted a
large number of domestic and foreign experts. They introduced the definition of
cloud computing, discussed the copyright licensing and copyright protection under
the current legal system and explored the implications for information network
dissemination and cloud computing office.
The rate of cyber crime / hacker attacks on cloud computing environment is on
rise, and it consider to be the tempting play land for the hackers. A cloud is the
combination of several heterogeneous entities and security of such an environment
is very difficult. Numerous privacy issues like retention and destruction of data is
also there. The cross border transition of data also presents another security issue
as there is a difference in policies among different countries. IP Spoofing is
another very serious security challenge for the cloud computing. The Virtual
Machines (VM) are assigned an IP address and the hackers try to have these IP
addresses of the VMs. In some cases it results in access to the confidential of the
users. It is a fact that the user will be no more in control of its data once it is
outsourced to the cloud environment. Apparently it is believed that no one is in a
position to say anything about the data, where it will be stored, where it will be
processed, and who has the right to access and who cannot.
The customers of the cloud services have shown great concern on the security and
the way to access the cloud computing environment. It is important for a Cloud
Service Provider (CSP) to give surety to its user that the information stored on the
cloud site is secure, safe and it cannot be accessible by unauthorized personnel. A
cloud security framework which will trace the movement and processing of
6. information which are available for processing on the cloud, the system required
that there should be a security capture device on the cloud. The functionality of the
device will be to ensure the cloud user that their information is safe from any
security threat or attack.
Challenges and Best Practices for Cloud Computing:-
Presently at all levels of the cloud computing platform, whether it is the network
layer, web application layer or host layer there exist a corresponding security
threat. Such types of security issues have been studies extensively by the
professionals in the field of information security. Cloud computing security need to
be focus on the analysis and providing solutions for cloud computing service
computing model, dynamic virtualization management, and multi-tenant shared
operational mode for data security and privacy protection [13]. The cloud
customers (company) trust the Cloud Service Provider (CSP) when it outsource its
sensitive data or run applications on a remote site of the CSP. The computer
system will be vulnerable to inside threats, although by having the most
sophisticated firewalls and computer security mechanism. Due to the dereliction in
duty by internal staff, hacker attacks and system failures lead to a variety of risks
to security mechanisms such as the data lose, cloud service providers assures users
that their data is safe and protected.
3. Research methodology:-
The following are the research questions addressed in this paper:
X how much is cloud computing adopted in IT sectors, government
agencies, schools and colleges?
X How much is cloud computing emerging through the past few years in
terms of new technological development?
X What are the applications and details regarding various services provided
by companies based on cloud computing?
X Which cloud computing application has wide range of features and the
best option for public use?
X How can hybrid cloud be utilized in large and medium scale industries?
7. This study is a qualitative and quantitative analysis of cloud computing and its
adoption and application in various sectors of commercial firms. The research is a
critical literature review based on secondary data. This paper emphasizes on
summarizing the various facts including application of cloud computing in real-
world model. Specifically, apart from reviewing studies that directly address cloud
computing, this systematic review also covers general computing and IT journal
papers, conference proceedings, books, industrial white papers, and technical
reports.
Adoption of cloud computing in various sectors and data analysis: - ™
Asian countries Cloud computing has proven to be a vast technological
advancement in various industrial sectors [2]. But still there are various sectors
which have left cloud computing untouched maybe due to the various technicalities
associated with its usage. Given below is the statistics about the cloud computing
and its usage in IT sectors.
According to the data we can see that, there are various respondents who are
gaining knowledge and exposure to cloud computing with their increasing
experience in IT sectors. But the graph is abruptly decreasing at various places.
This may be due to the extensive development in the cloud computing that the
adoption took a bit of time along with its understanding.
8. The pie chart shows the variation between the IT professionals having wide
knowledge and experience about cloud computing and those who are still new in
this sector. The majority of respondents are located in western countries and the
remaining 20% are from India. All respondents have international IT working
experience of them had previously worked with clients in diverse manufacturing
industries and service sectors. The bar chart indicates that the vast majority of the
respondents have more than 4 years of IT industrial experience. A significant
percentage of people have practical experience in cloud computing. Moreover, the
pie chart indicates that the respondents, who do not have practical cloud
experience, still have good knowledge about cloud computing or at least
understand the basic concepts of this advanced IT model.
Western counties:-Apart from the widespread technological developments in
western countries, cloud computing has also risen up to a vast dimension including
its broad usage in companies, schools and other government sectors.
9. This survey data represents the percentage of adoption of cloud computing in
western countries. Among companies, small companies have adopted cloud
computing the most. Among schools, elementary, middle and high schools have
adopted cloud computing the most. Among government, federal government has
adopted cloud computing the most. When the companies, schools, government and
medical institutions are compared it is found that companies and other
organizations have adopted cloud computing to a large extent. Cloud computing is
adopted the least in medical institutions. This may be due to various reasons such
as service reliability, data security, system users and other financial issues.
Growing trend of cloud adoption: -
Since the invention to the implementation, there has been a constant growth in
cloud development and management. IT companies and other organizations are
taking various steps to increase cloud computing techniques.
Statistical data of cloud adoption in Indian organizations Most of the IT related
organizations are situated in India, hence cloud computing was highly adopted in
Indian organizations. There has been a significant increase in the percentage of
companies using cloud computing in 2011 to those in 2012.
11. The above table demonstrates that India does not have an overarching privacy law.
Nonetheless, the IT Amendment Act 2008 and the Information Technology
(Reasonable security practices and procedures and sensitive personal data or
information) Rules 2011 can protect personal data and regulate privacy issues of
cloud computing or any other technology. Other legislation is also quite effective
in providing solutions in related areas. However, India is still managing the
protection of personal data with many pieces of legislation, which can lead to
confusion for its citizens, corporate sectors, the government, as well as outsiders.
Even Indian courts have not created any precedents relating to technology related
privacy issues.
The need for a privacy law in India At present India’s privacy-related
jurisprudence is judicially derived from the fundamental rights set out in the Indian
Constitution. All judgments have been delivered within the context of individuals’
rights to “physical privacy” against harassment by government authorities,
although not against harassment by any private person. With increasing adoption
of digitization in India, public and private sectors collect vast amount of personal
data of an individual. Currently, there is no proper dedicated legal framework to
protect personal data and privacy from misuse in either the public or the private
sector. The Indian Unique Identification Number (UID)30 project, which deals
with large amounts of biometric data and personal information and stores this
information on a decentralized database, has no legal protection in India. On the
other hand, India is an IT hub, managing Vibrant ITES, BPO and KPO projects
12. outsourced from abroad. Therefore, through these projects, India engages with
personal information of foreign nationals and, in order to comply with international
standards, India requires comprehensive legislation covering privacy and personal
data protection, instead of the existing patchwork law structure.
Personal data protection and privacy in the European Union The Organization for
Economic Co-operation and Development (OECD) adopted Guidelines on the
Protection of Privacy and Transborder Flows of Personal Data in 1980, but the
fundamental principle of privacy in the European Union (EU) is set out in Article 8
of the European Convention on Human Rights, which states that “everyone has the
right to respect for his private and family life, his home and his correspondence.”
This right to privacy is not absolute, however, and can be restricted under certain
circumstances.31 The original EU Data Protection Directive 95/46/EC (European
Directive) was enacted in 1995.32 The European Directive and the e-privacy and
electronic communications Directive 2002/58/EC, which covers data retention, are
the main legal instruments covering privacy and the processing of personal data in
Europe.
5. Land mark case laws in reference to the topic:-
The Indian Information Technology Act, 2000 the development of electronic
information systems in India enhanced awareness regarding the need to protect
personal information. The Indian Information Technology Act (IT Act) came into
force in 2000. The IT Act is based on Resolution A/RES/51/162 adopted by the
General Assembly of the United Nations on 30 January 1997 and is related to the
United Nations Commission on International Trade Law (UNCITRAL) Model
Law on Electronic Commerce. This legislation deals primarily with electronic
transactions and digital signatures. The primary scope of this Act is to regulate e-
commerce and promote the IT sector. The IT Act does not deal with privacy. 7.2.2
Information Technology (Amendment) Act 2008 and Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal
Information) Rules, Information Technology (Intermediary Guidelines) 2011. The
main laws regulating data privacy are the Information Technology (Amendment)
Act 2008 (IT Act 2008) and Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Information) Rules 2011 (IT
Privacy Rules 2011). The concept of privacy was introduced in the IT Act 2008
13. through Section 43-A (compensation for failure to protect data) and Section 72-A
(punishment for disclosure of information in breach of lawful contract). In 2011,
the Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Information) Rules Act was introduced. It extends the scope of
section 43A of the IT Act and regulates the collection, disclosure and transfer of
sensitive personal data. The IT Privacy Rules 2011 requires corporate entities,
which collect, process and storing personal data, including sensitive personal
information, to comply with certain procedures. It distinguishes “personal
information” and “sensitive personal information” as defined below. According to
IT Privacy Rules 2011, enacted under section 87(2) of the IT Act, which defines
“sensitive personal data or information”, the following information is included:
Passwords
Financial information, such as bank account, credit or debit card, or other
payment instrument details
Information regarding physical, physiological and mental health
Sexual orientation Medical records and history
Biometric information (technologies that measure and analyze human body
characteristics, such as “fingerprints”, “eye retinas and irises”, “voice patterns”,
“facial patterns”, “hand measurements” and “DNA” for authentication purposes)
Any details relating to the above bullet points provided to the body corporate
responsible for providing a service or for processing or storing data under a lawful
contract, or otherwise.
However, any information that is freely available in the public domain is not
considered as sensitive personal data or information and is exempt from the above
definitions, as set out by the 2005 Right to Information Act or any other law in
force.
The IT Privacy Rules 2011 distinguishes “personal information” and “sensitive
personal information”, which were not previously included. The law requires that a
corporate entity or the person on whose behalf it collects, stores and processes
14. personal data or information need to meet the “Reasonable Security Practices and
Procedures”.
Reasonable security practices:
According to IT Privacy Rules 2011, “Reasonable Security Practices and
Procedures” are considered satisfied if a body corporate has implemented security
practices and standards and has comprehensively documented information security
programmes and policies that are commensurate with the information assets being
protected. The IT Privacy Rules 2011 also sets out that International standards (IS /
ISO / IEC 27001) is one such standard (Standards) which could be implemented by
a bodycorporate. If any industry association follows standards other than IS / ISO /
IEC 27001 for data protection, they need to get their codes (Codes) approved by
the Indian central government.
Consent: The IT Privacy Rules 2011 states that any corporate entity or any person
acting on its behalf, which collects sensitive personal information, must obtain
written consent (through letter, email or fax) from the providers of that
information.
Collection and processing: Section 43-A of the IT Act defines “reasonable
security practices and procedures” which states: “Where a body corporate,
possessing, dealing or handling any sensitive personal data or information in a
computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and procedures and
thereby causes wrongful loss or wrongful gain to any person, such a body
corporate shall be liable to pay damages by way of compensation to the person so
affected”.
Data protection officer: IT Privacy Rules 2011 mandates that every corporate
entity collecting sensitive personal information must appoint a grievance officer to
address complaints relating to the processing of such information. The contact
details of the grievance officer must be published on the corporate entity’s website.
Data transfer: There are no specific rules regulating the transfer of data outside of
India, but the data collector must obtain the consent of the provider of information
to transfer the data to any other entity in India or to an entity abroad, providing the
15. other country ensures the same level of protection. However data can also be
transferred by means of a data transfer agreement between two parties. This
agreement should contain adequate indemnity provisions for third party breaches,
clearly specify the end purpose of data processing (including a list of those with
access to such data) and specify a mode of data transfer that is adequately secure
and safe.26 Finally, it is the responsibility of the corporate entity to not transfer
any sensitive personal information to another person or entity which does not
maintain the same level of data protection as stipulated by the Act.
Data breach notification law Data breach notification plays a very important role in
the context of cloud computing services. Data may be processed or handled by
third parties (subcontractors). In some instances, data may be misused by such
third parties, causing the person providing the information harm, be it social harm,
physical harm, significant humiliation or damage to reputation.
6. Analysis of the legalprinciple:-
Government access to cloud computing data and implication for privacy One
obstacle for the growth of cloud computing is government access to data in the
cloud. Both cloud users and cloud service providers are struggling to understand
when and how the government can access users’ data, which is processed and
stored in the cloud. Governments need some degree of access to data for criminal
(including cybercrime) investigations and for purposes of national security. But
privacy and confidentiality are also important issues, so the burden to provide legal
justification falls on the government. However, at present, the world’s Internet
traffic is routed through the United States, and most online data is held there. In the
USA, government access to online data was outlined in the Patriot Act 2001. The
Electronic Communications Privacy Act (“ECPA”) regulates cloud data which is
stored by cloud providers in most cases. However, data can be accessed by the
government by means of a search warrant, an ECPA court order or a subpoena
issued by the government to the cloud provider. In 2007, the US government
enacted the “Protect America Act” which allows the government to access
electronic data without a warrant. In 2008 the FISA amendment Act made the
Prism Internet Surveillance Program (PRISM) technically legal by obliging private
companies to enable the US intelligence agencies to access their data.35 Through
NSA’s PRISM, the USA has accessed vast amounts of individuals’ private
16. communications, photographs, emails, voice traffic, file transfers, as well as social
networking data from both domestic and foreign providers. This has raised major
privacy and confidentiality concerns for customers of cloud-based services.
Intellectual property (IP) rights issues arise in relation to copyright, trademark or
patent law. A customer using a PaaS or SaaS cloud environment must be aware of
a variety of IP rights questions that can occur in regard to data processing such as
the required cloud software licenses or third party IP rights. Despite differing
licensing and patent systems being employed around the world, the EU has
clarified that "ideas and principles which underlie any element of a computer
program, including those which underlie its interfaces, are not protected by
copyright".
This approach causes a conflict with patent laws in the US which allow for such a
protection. So far the main cloud digital media providers (all US) have developed
their own systems in order to protect them against infringement of their intellectual
property. These so called Digital Rights Management (DRM) systems are imposed
on all of their cloud users and essentially place the power to access a certain
software or media in the cloud provider's hands. A good example for such a
practice is the Amazon Kindle book reader. A customer only pays for the license to
access a certain book electronically via a DRM system but does not own the book
itself.
When a cloud customer uses a cloud software solution which potentially is
violating intellectual property rights the obligations and acts of each party must be
closely analyzed. In doing so, pinpointing an exact location of an intellectual
property breach is challenging as the processing can take place in one country,
storage and transmission in another. Additionally, not only one infringing party
may be involved but a variety of parties (cloud provider, server centers, software
distributor), thus theoretically requiring an apportionment of the infringement. A
possible solution would be to target the user of the cloud service being the
infringer of the right and the cloud provider for inducing the infringement.
However, proving a breach will be very hard to achieve, especially if the breach
only involves components of software used in a cloud environment. Furthermore,
the extent to which a cloud provider facilitates an IP infringement, either by
supplying an on-demand self-service infrastructure to the customer or alternatively
requiring human interaction before a service is rendered will be of significance in
attributing liability. A similar approach is being taken by the European courts. In
the L’Oreal/eBay case the court also emphasized that the platform provider's own
17. investigations into its customers usage must be taken into account but did not go so
far as to impose a general monitoring obligation.
Cloud software systems are closed off and generally cannot be traced backward,
making a posterior assessment of an infringement impossible. Nevertheless, a
cloud customer should ensure that it is granted a contractual indemnity for
potential IP violations caused by the cloud provider's software. In addition to this
fairly standard scenario where the cloud provider grants access to a standard
software environment, customers often use open source software to meet their
specific needs. This software is further refined (either by the customer or the
provider) and adjusted precisely to the customer's specifications. A cloud provider
could later use this "new" software and distribute it to its other customers whilst
infringing the developing customer's IP rights. On the one side a customer should
therefore carefully review its contracts to ascertain whether a right to use and
further distribute the software is being granted to the cloud provider. On the other
side a cloud customer might only want to gain short term access to specific
individualized open source cloud software in order to acquire certain know how.
Some cloud providers do not supply the licenses or software a customer requires to
have implemented in its cloud environment. In such a situation the customer is
responsible for obtaining the appropriate license or usage right. Acquiring such a
right might not be as easy as it sounds. Most software providers have not yet fully
developed their licensing systems for the cloud as the remuneration models and
approaches differ widely. One can possibly calculate the license fee in a number of
different ways such as through a fee per user, per utilized processor or per data set
created.
Asserting patent rights:-
Let us consider an example where company A holds a patent that claims a method
of adding two numbers and displaying a result (assuming such a thing would be
patentable, of course!).
In the traditional computing scenario, we would know exactly where the
information is stored, and where the information is processed before displaying the
result. Therefore, it would be easy to assert an infringement as it is possible to
identify who is infringing by scanning hardware devices (because where the
program is running is defined), and by reviewing the algorithms either manually or
automatically (because where the data is stored is defined).
Cloud computing services promise to provide on-demand resources, both
processing and data storage. Cloud computing systems make this possible by
18. connecting multiple and distributed data centers on a need-basis. Sometimes the
data centers that are connected need not be belonging to a single service provider,
and therefore need not be even in a single country. To further compound the
problem, cloud computing systems actually try to ensure that the location is not
known in order to ensure secrecy of data. Therefore, it is possible that for an
application hosted by a client, the data may be stored at one location, and
execution may happen in another location depending on availability of resources.
And, the two locations may be in two different countries.
Now, coming back to the example, let us say that company B is infringing on the
patent by way of executing the method claimed in the patent.
If company B is hosting the infringing application in a traditional hosted service
environment, it would be easy to prove that infringement actually happens by
identifying the machine where the methods are executed, and by verifying the
algorithm underlying the application. However, if the infringing application is
operating in a cloud computing environment, it is extremely difficult for company
A to investigate to check if infringement is happening indeed. For all we know, the
storage of numbers in the aforementioned example could be on a cloud
infrastructure with one service provider, and the execution of adding numbers
could be happening on a cloud infrastructure with another service provider. And,
the infrastructure controlled by the two service providers may be in different
locations/countries. It will be interesting to see how technology and business
models evolve in cloud computing space to accommodate these requirements.
7. Relatedcases:-
Kharak Singh vs. the State of Uttar Pradesh (UP)22
In this case, the appellant was being harassed by the police under Regulation
236(b) of UP police regulations, which permit domiciliary visits at night. The
Supreme Court found Regulation 236 unconstitutional and in violation of Article
21. It is true that the Indian constitution never expressly declares the “right to
privacy” as part of fundamental rights, but the court concluded that Article 21 of
the constitution includes the “right to privacy” as part of the right to “protection of
life and personal liberty”.
R. Rajagopal vs. the State of Tamil Nadu23
In this judgment, the court stated that “A citizen has a right to safeguard his
privacy, the privacy of his family, marriage, procreation, motherhood, child
19. bearing and education among other matters. No one can publish anything
concerning the above matters without his consent - whether truthful or otherwise
and whether laudatory or critical. If he does so, he would be violating the right to
privacy of the person concerned and would be liable in an action for damages”.
People’s Union for Civil Liberties (PUCL) vs. Union of India 24
The Supreme Court ruled that the telephone tapping by the government under
Statute 5(2) of the Telegraph Act (1885) amounts to the infraction of Article 21 of
the Indian Constitution. The right to privacy is part of the right to “life” and
“personal liberty” enshrined under Article 21 of the constitution. The said right
cannot be curtailed “except according to procedure established by law”. The court
wanted the right to privacy under Article 21 to be expounded consistently with
Article 17 of the International Covenant on Civil and Political Rights.
Naz Foundation vs. Govt. of NCT of Delhi25
The Delhi High Court judgment allows persons to develop human relations
without the interference from the outside community or from the state. It states:
“The right to privacy thus has been held to protect a ‘private space in which man
may become and remain himself’”. However, all cases dealing with the right to
privacy have been decided in the context of government actions that resulted in
private citizens being denied their right to personal privacy. No privacy judgment
has granted private citizens a right of action against the breach of privacy by
another private citizen. To that extent, data protection and personal privacy
jurisprudence in India is not yet developed.
Nivedita Sharma vs. Bharti Tele Ventures, ICICI Bank Ltd, American Express
Bank.
20. 8. Conclusion:-
In summary, the murkiness of the “cloud” has introduced interesting challenges to
the IP system. While the technology evolves and the IP system makes necessary
adjustments to counter challenges posed by the evolution, being aware of the
associated risks and taking simple measures can help owners reduce risk exposure
considerably.
Client-plus-cloud computing offers enhanced choice, flexibility, operational
efficiency and cost savings for businesses and consumers. To take full advantage
of these benefits, users must be given reliable assurances regarding the privacy and
security of their online data. In addition, a number of regulatory, jurisdictional, and
public policy issues remain to be solved in order for online computing to thrive.
Microsoft has been addressing many of these issues since 1994, when we delivered
our first online services for consumers and enterprises. Our breadth of experience
has shaped our company’s privacy principles, corporate privacy policy, product
and service development, and overall business practices. These components anchor
our commitment to maintaining the highest standards of privacy and security in our
online services and to partnering with other industry leaders, governments, and
consumer organizations to develop globally consistent privacy frameworks that
enable the expansion of the economic and social value of cloud-based computing
The status of data is gradually changing, and the Internet and cloud computing are
making data the subject of “property, privacy and economic rights” for all
individuals. There are many differences between traditional IT infrastructure and
cloud computing. The benefits of cloud computing have led to many stakeholders
moving their data and infrastructure into the virtual world, where one cannot find
any rules and regulations to regulate their virtual assets. Technology has the same
uniform implications for privacy and personal data protection, whereas the concept
of privacy jurisprudence may differ from country to country. Privacy may be
viewed from different angles: in the United States, data privacy is a matter of
consumer law; in Europe, it is a fundamental right; in India there is no concept
called “data privacy”, but the right to privacy is a part of the right to “life” and
“personal liberty” enshrined in Article 21 of the Constitution. Technology,
however, has the same implications for privacy around the world. Data moves
around the globe within fractions of a second with the same security and privacy
21. risks, but countries around the world still create legal environments to regulate it.
Most countries have attempted to patch available legislation, with India among
them, while the rest of struggle in the absence of legal frameworks to protect
personal data and privacy. This is the right time to set a “global standard” on data
privacy. In the EU, data protection directives guide legislation relating to the
protection of privacy and personal data, with the EU constantly trying to set a
“global standard” law on data privacy. India does not have any guiding legislation,
but it is moving toward a set of data protection and privacy laws. India requires a
proper environment develop technology awareness, technology enablers,
institutions to ensure standardization, expertise to set up cooperation between the
government and corporate sectors, to establish a comprehensive legal system for
future technologies.