May 01, 2013
The latest issue of Lexpert’s article "The Online Minefield" quotes partner Pat Flaherty on various aspects of internet privacy, including potential risks around apps and cloud computing. Below are selections from the article.
Dominating the discussion these days are the issues that arise from the multijurisdictional nature of the entities participating in cloud computing. "It is not unusual to have a transnational cast of characters behind a cloud provider" says Pat Flaherty in Torys LLP’s Toronto office. "A provider operating in the United States can be dealing with personal information of users in Canada and Australia while utilizing data processors in India who access the data on servers located in Uruguay–all of which is backed up on servers in Ireland."
Other concerns relate to the fact that data access may be compromised when stored in developing countries that have histories of totalitarian regimes, as well as the continuing uncertainty about the applicability of laws relating to jurisdiction. "It’s not often clear about which country’s laws apply and when they apply," Flaherty says. "Different legal systems often have different concepts of jurisdiction."
From a Canadian perspective, due diligence in terms of asking where data is going and who will have access, is also critical. "Canada’s Privacy Commissioners have done an excellent job in formulating guidelines and checklists." Flaherty says.
The reality, however, is that most cost-effective cloud services are based on standard form contracts, especially if the services are free. "Even when someone’s paying for the services, only very high-volume users may be able to negotiate out the bumps in the standard forms," Flaherty says, "But that’s just a function of market power, and all people can do is remain sufficiently sensitized and use whatever contractual techniques they can to mitigate risk."
To read the article, click here.
Pat’s comments were also used to contribute to an October 2013 Lexpert piece on privacy and cloud computing.