SciELO - Scientific Electronic Library Online

 
vol.15 número3Gestión intercultural y plurinacional de los comités de ética en las universidades del EcuadorAnálisis de la declaración de budapest desde la perspectiva del concepto de tecnociencia solidaria índice de autoresíndice de materiabúsqueda de artículos
Home Pagelista alfabética de revistas  

Servicios Personalizados

Articulo

Indicadores

  • No hay articulos citadosCitado por SciELO

Links relacionados

  • No hay articulos similaresSimilares en SciELO

Compartir


Revista Universidad y Sociedad

versión On-line ISSN 2218-3620

Universidad y Sociedad vol.15 no.3 Cienfuegos mayo.-jun. 2023  Epub 30-Jun-2023

 

Artículo Original

The legal problems facing the conclusion of cloud computing contracts

Los problemas jurídicos a los que se enfrenta la celebración de contratos de computación en nube

0000-0002-9073-7254Ahmed Moustafa Aldabousi1  * 

1American University in the Emirates, Dubai, UAE

ABSTRACT

Cloud computing is an electronic service provided through legal transactions conducted by modern digital means, allowing for a quick and easy transition from pre-contracting to post-contracting stages, although it is in fact a legal contract. However, in the United Arab Emirates, the legislator has not adequately addressed the legal regulation for the conclusion of cloud contracts, leading to various legal problems that require specific solutions. The aim of this study is to specify the concept and nature of the contractual relationship between the parties of cloud contracts, identify the problems facing the conclusion process of cloud contracts, and suggest necessary solutions to create a legal regulation for this type of digital contracts. As a result, it is recommended to regularize cloud contracts as a new type and a new contract form of electronic contracts and to adapt them as special type contract agreements to protect users. Measures must be taken to identify and address current problems and create a legal framework that specifies the legal nature of cloud contracts and their effects on the rights and obligations of the involved parties.

Key words: Legal Problems; Cloud Computing; Contracts

RESUMEN

La computación en nube es un servicio electrónico que se presta a través de transacciones legales realizadas por medios digitales modernos, lo que permite una transición rápida y sencilla de las fases previas a la contratación a las posteriores, aunque de hecho se trata de un contrato legal. Sin embargo, en los Emiratos Árabes Unidos, el legislador no ha abordado adecuadamente la regulación jurídica de la celebración de contratos en nube, lo que ha dado lugar a diversos problemas jurídicos que requieren soluciones específicas. El objetivo de este estudio es especificar el concepto y la naturaleza de la relación contractual entre las partes de los contratos en nube, identificar los problemas a los que se enfrenta el proceso de conclusión de los contratos en nube y sugerir las soluciones necesarias para crear una regulación legal para este tipo de contratos digitales. Como resultado, se recomienda regularizar los contratos en la nube como un nuevo tipo y una nueva forma contractual de contratos electrónicos y adaptarlos como acuerdos contractuales de tipo especial para proteger a los usuarios. Deben tomarse medidas para identificar y abordar los problemas actuales y crear un marco jurídico que especifique la naturaleza jurídica de los contratos en nube y sus efectos sobre los derechos y obligaciones de las partes implicadas.

Palabras-clave: Problemas legales; Computación en la nube; Contratos

Introduction

The Cloud computing service has spread to a wide commercial scale in our work lives and extended to cover several electronic services such as data processing and storing, e-presentation of products, making deals and exchange of trade and cultural services and information.

The Cloud computing is an on-demand self-service featured with flexibility and speed. It reaches the end-user via multi-services network (Mell & Grance, 2009, p. 2). It is also accessible via multiple platforms such mobile phones and computers. The Cloud computing is modern concept designed to make use of memories and computing capabilities of the worldwide computers and servers and interconnect the same through this network. The cloud computing provides on demand adequate storage capacity without the need for infrastructure of high material cost.

The Cloud Computing is a variety of services offered by the service providers to the end users via the internet network with the aim of exploiting the superior capabilities and potentials of the service provider without the need to buy expensive hardware to perform the same functions.

The Cloud Computing is defined by US National Institute of Standards and Technology (NIST) as (an effective means for storing data in special servers accessible on demand via the internet network and used as an efficient tool of interface between the end user and the service provider.

The US National Institute of Standards and Technology (NIST) defines the Cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction)

As per the above definition, the Cloud computing is deemed as one of most sophisticated techniques based on authentication (of password/user name) that enables sharing of defined and specified data simultaneously by a variety of end users who are spontaneously processing their files as long as they have access to the website and engaging others in using and sharing in the same data as long as long as they were able to communicate online, with permission they were allowed in advance to access these data.

The cloud computing is also defined as a new means for dissemination of computing technology to provide the end users with capability of access to the same, store and save such data via the internet network. The cloud itself is a network of data centres each one comprises of thousands of computers working together. The program functions of this system may be performed on personal computers or businesses by enabling the end users to have access to various internet platforms, applications and online e-services) Jeffrey & Andrew 2011). Technically the cloud computing is concerned with the management of the new technologies, development and promotion of applications as well as personal and corporate applications, capabilities of servers and storing.

The Report of expert group to the European Communities Committee (Expert Group Report 2010) define the cloud computing as a hypothetical situation that can be easily dealt with technically. It conceals the technical complexities of the communication process. It displays for the end user the area of existence and presentation without the need that such end user should possess the required technical knowledge or should employ computer specialists to possess the necessary capability to store or interact on-line.

We believe that all above-mentioned definitions, despite their similarity, differently and accurately describe the functions of the cloud computing. It is a common service provided via links with the service provider. It is technically used in all scientific, entertainment and social issues. This matter, however, has not been adequately regulated from the legal standpoint.

The above description reflects the fact that the cloud computing differs from what are known as the cloud services. The former is the base of IT that form the cloud, its area, techniques made available to the end user. On other hand the clod services are multimedia services accessed by the end user via the cloud computing technology provided by third parties. It is accessed via global access network. Thus, it is difficult to define the cloud computing contracts as an electronic record or document owing to the different nature of each. The electronic record or document is defined under the Article (1) of the Federal Law No. 1 of 2006 on Electronic Commerce and Transactions as “a record or document that is created, stored, generated, copied, sent, communicated or received by electronic means, on a tangible medium or any other electronic medium and is retrievable in perceivable form”. The end user accesses cloud computing service via electronic applications and sends/receives e-mails via his/her account on Yahoo or Hotmail and gets readymade cloud computing service where his/her messages are stored in electronic cloud supported by systems of servers, networks and separated from the systems and sizes of his/her personal computer (Trabi, 2018). Thus, dealing in such systems and data storing shall be made in the space. This is the subject of our study in legal terms. From the scope pf this study, we exclude the electronic application of the hard discs such as outlook application which provides storing space for the cloud computing in the hard disc of specified computer which cannot be reused or accessed unless by the same computer in which it has been stored.

The Cloud Computing has many advantages over the capabilities of the traditional computers as regards to the storing for private individuals as well as most medium and small companies in the world. Those categories may extend their capacities to store and display data and develop their electronic tools employed mostly for commercial purposes by using facilities of servers provided by the cloud computing providers to end user to enable him/her to access the resources and tools of technology information without the need to be familiar with relevant specialized technology or provide large size infrastructure for storing (Schick, 2008). The cloud computing user may access thorough such facilities to his/her data and application from any location where the internet service is available at the lowest possible cost. There is no need to buy more software, hardware or license to continuously obtain the necessary updates and improvement for such applications and software Compatible with most devices and operating systems.

However, that does not mean that the cloud computing has no disadvantages. Like the other electronic systems, it has several disadvantages such as the non-existence of adequate guarantees to keep the personal data stored in the cloud computing system. That makes such data vulnerable to exploitation and theft. The end user may also face several problems which may not enable him enter in the cloud computing system. As consequence he/she will has no access to his/her data in many cases such as the existence of a failure in the website or network. The articles of the cloud computing contract, entered into by the service provider and the end user may cover the provision of the necessary protection for the end user’s rights. This point is one of the most important issues highlighted in this paper. In order to fulfill any cloud computing operations, a contract agreement should made between the service provider for sale on rent on one part and the party who owns the data and information for participation and cooperation between certain parties under the agreement.

What makes the organization and concluding of this kind of contracts difficult is that such contracts are made on cyberspace environment where there is no adequate protection for the parties to this kind of contracts. That is due to the fact that no national laws have been enacted yet to regularize the various aspects of contracting in this environment. Therefore, this study will address the various problems and issues faced upon concluding such contracts and present the view of the law on this kind of contracts in order to specify the accurate concept and nature of the contracting relationship between the parties to the cloud computing contracts. After that, all problems facing the process of contracting through the cloud computing will identified and the necessary suggestions will be made to create an effective legal frame for this kind of digital contracting.

What is the Cloud Computing Contract

The Cloud computing is modern technology designed to transfer the processing and the relevant storing space to the so-called “Cloud” which is a sever accessible via the Internet. Thus, all IT software will be transferred from just products to services (Sayed, 2013, p21). A then a question arises about what are the kinds of such cloud computing services, the advantages, and disadvantages of handling the cloud computing?

The Clouds services are a set of services for provision by the service provider of servers based on personal e-mails fed from the storage capacity of such servers to save and send the special files available in the e-mail. Thus, the usage of such cloud services is based on the service provider. In the same time, it is completely independent of and separate from the user. It provides the necessary tools to process and save the date on the network. That enables the end user to have access the data and technologies from any device, whether computer, mobile or smart tablet connected with the internet.

Technically, the services rendered by the cloud computing are not considered as new ones. However, it may be used through the cloud computing to have access to such services without the need to provide special infrastructure for such services or run may computers and devices. By the use of such services, the end users may dispense of Host Contracts, Outsourcing contracts and the trade licensing contracts for the utilization of software (Reed & Angel, 2007).

The UAE legislator, in the Article No. 1 of the UAE Federal law on Electronic Commerce and Transactions stipulates the possibility of using the mechanisms and services of cloud computing. It defines the what-so-called Information technology as (An electronic, magnetic, optical, electrochemical or other device used to process information and perform logical and arithmetic operations or storage functions, including any connected or directly related facility which enables the computer to store information or communication).

Accordingly, any service depending on the Information technology provided for under the above-mentioned Article of the law, may fall within the cloud services including the contracts of on-line storage for extension of the data-storage spaces and data storage processes of building information electronic website for displaying their products for sale or an interactive site for on-line buying of goods. Such transactions are performed with conclusion of a contract and on-line payment by pressing the (I Agree) icon. Same thing happens in the electronic contract templates of which the cloud contracts are considered as an applied example. Such ecommerce websites like Amazon, e-pay and yahoo which provide the end users with cloud services (Trabi, 2018, p. 3).

The Cloud services lie in the following three forms:

First Form: The Infra structure as a service which provides the end user with processing, storage spaces, the networks connecting between the servers as the other resources of the software and control system (Peter & Timothye, 2011, p. 1).

Second Form: Software Platform Service which enables the end user to access and use the Cloud Computing via Languages program, Libraries service and other services which represent a kind of necessary tools for taking advantage of the infrastructure (Peter & Timothye, 2011, p. 1).

Third Form: Software as a service provided by the service provider to run and use the cloud computing (Peter & Timothye, 2011, p. 1).

There are many kinds of cloud, however, the most important four kinds are:

  1. Private Cloud

    • It is the exclusive service that exclusively provided by the service provider to an individual or private institution even with the multitude of the users within such establishment like trade companies for example. Therefore, access to such service will be allowed for its owners only via either open or closed network. Such private cloud may be provided by a host companies. In such case, the owner of the private cloud shall have the right to monitor and control the components of the cloud infrastructures.

  2. Community Clouds

    • It is a feature by which the cloud may be used by a group of end users such as public and private organizations that do not form one unit but they are interconnected or involved in certain project or business such as banks interconnected with several money transfer agencies like western union. In such case the cloud computing is used through either closed network (Intranet) or semi-closed network (Extranet). The community clouds represent one of the forms of the joint cooperation of between a group of organizations with common interests for the aim of achieving certain common goals such the security of data on the clouds.

  3. Public Cloud

    • It is a cloud intended for common use by the public. It provides them with spaces at the applications and systems accessible by the end users of the network. This kind of clouds is used, run and managed by government, academic and commercial organizations and trademark owners. Such cloud is located far from user’s location. Such feature saves costs, time and efforts and increases the profits (King, 2008).

  4. Hybrid Cloud

    • The use of the Hybrid Cloud enables the individual end users, the public and private organizations interact with the public targeted by the Hybrid Cloud. In this kind of clouds, some companies my obtain special space in the public cloud of a large trade provider through which the service provider may sell the services to other users (Linthicum, 2011).

Regardless of the kind of services provided via the clouds, however, all services are sharing a group of the following features:

  • At-request self-service: The end user may automatically obtain computer resources without the intervention of the seller.

  • Broad Accessibility of the Network: The potential of information technology which may be accessed via standard mechanisms at any time or location are available.

  • Flexibility of Design: The capabilities of the information technology may be externally or internally extended or decreased as per the requirements of the customers. The feature enables the user to interact as per its requirements for resources without any risk.

  • Metered Service: With this feature, the utilization of the customer resources may be monitored and followed up. On other words, the end user pays for what he/she uses.

The Features of the Cloud Contracts and How to Substantiate Them:

The Features of the Cloud Contracts are important due to the fact that such features determine their basic characteristics and legal effects and are similar to the other contracts. Such features are:

  • Cloud computing contract without physical presence among its contracted parties:

  • The cloud contract is featured with an autonomous characteristic because such contract is made without the existence of a physical presence among its contracted parties or the need to meet at a contract council as the conclusion of the same is fulfilled through electronic means

  • Naming of the cloud contracts as remote contracts does not only reflect the absence of spatial gathering between the contracting parties, but it also describes the electronic statue of such cloud contracts. The electronic communication means enable such communication occur in nature and permit the end user to request and obtain cloud services outside his/her physical location. Thus, this aspect should be taken into account whenever any legal rules are applied on cloud contracts (Trabi, 2018, p. 12).

  • The consensual nature of the cloud computing contract:

  • The cloud contracts are consensual ones and originally governed by the will of the contracted parties without any regard for the legal formalities. For example, the access of the user to the cloud computing may be dependent upon the signature of a contract by the user with the provider of such service. Similar to the electronic storage websites which provide the end user with space storage to save his/her personal files. In spite the provider’s requirement that the user shall sign a contract to access to the cloud computing, however, such requirement does not prejudice the consensual nature of the contract.

  • Restrictions on freedom of will stated in cloud contacts in particular and the contracts in general, does not affect the consensual basis of the contract in any way because the consensual nature of the contract specifically means that there is no need to remove out the expression of contractual will in particular form specified by law as one the contract pillars. This description is related to the validity of the contracts in terms of one of is conditions and terms that is the Registration Clause. However, the restrictions stated by the law on the agreement clauses such as the oppressive conditions and consumer protection, thy only arise upon the stage of arranging the contract effects and not upon the formation of the contract (Trabi, 2018, p. 12).

  • The cloud computing contracts are adhesion ones:

  • The providers of the cloud services provide their services to the users via standard contracts, in most cases, concluded without any negotiation. In other cases, they may be preceded by negotiation. However, mostly the cloud services are accessible by concluding a framework agreement under which the user has no choice but to either accept or reject the provider’s conditions. The user also has no right to negotiate such terms. That makes them similar to the adhesion contracts as acceptance in adhesion contracts is limed to just conditions already prescribed by the offeror who does not accept any discussion on the same.

Following are the conditions that make the cloud contracts considered as adhesive ones:

  • The requirement to waive recourse to the courts to resolve the dispute, and obligation to refer any dispute to the arbitration or determine the governing law the competent court for the favor of the stronger party in the contracting relationship.

  • The requirement to waive recourse to the courts to resolve the dispute, and obligation to refer any dispute to the arbitration.

  • Granting the provider only the right to terminate the contract for slightest reasons

  • Evading the liability for the technical defect and the protection of the personal data. The original rule is that the provider of the cloud service shall be fully responsible for safety and integration of the cloud user’s personal data.

The original rule is that the Court’s role in contracts of adhesion is limited to the interpretation and application of the contract’s terms and conditions with the reference to the will of the parties. If we conclude that the cloud contracts are not adhesive, the judge in such case shall have no right to cancel or amend any terms or conditions even the adhesive ones. However, if we consider them as contracts of adhesion, the judge will be able to interfere in the contract conditions and terms either by cancellation or amendment for achieving the balance within the contract. That provides the best protection for the Internet user. As regards to the procedures required to be taken upon drafting any cloud contract to guarantee the rights of the parties, the on-line contract is defined as a contract entered into by presents in terms of time and Absents in terms of place. In the event that there is a long break in time between the offer and acceptance, it shall be considered as a contract between absents in terms of both time and place. In such case, the use of electronic signature, in particular the digital one to prove the electronic contracts is in consistent with evidentiary principles.

The electronic contract provides an adequate environment for online contracting of cloud contracts. It enables the service provider to clearly determine his/her obligations and scope of responsibility for any fault or damage resulting from contracting or due to the subject of the contracting such as the faults and problems of the software. It also facilitates the prosecution by two parties for the comprehensive rules determines as regards to rights and obligations. This on one hand and in the other hands, the procedures for conclusion of electronic contract are considered as entrusted ones. This aspect is emphasized by the Emirati legislator in the UAE Federal Law No. (1) of 2006 On Electronic Commerce and Transactions where the Clause No. 11 stipulates that (1- For the purpose of contracting, an offer or the acceptance of an offer may be expressed, in whole or in part, by Electronic Communication 2- A contract is not invalid or unenforceable solely by reason that Electronic Communication was used in its formation Two: Automated Electronic Transactions).

Under the Article (12), the legislator provides for that 1- A contract may be formed by the interaction of Automated Electronic Agents that include two or more Electronic Information Systems preset and preprogrammed to carry out these tasks. Such contract would be valid and enforceable even if no individual was directly involved in the conclusion of the contract within such systems 2- A contract may be formed between an Automated Electronic Information System in the possession of a natural or legal person and another natural person, where the latter knows or has reason to know that the such a system will automatically conclude or perform the contract.

We believe it is necessary to conclude a Preliminary Agreement for contracting providing for legal clauses that help to protect the user of the cloud services as consumer. Such clauses shall ensure the provision of high-quality services by providing him/her with a guarantee that the consumer shall get the quality service agreed upon under the contract. This agreement shall also include the obligations of the service provider.

The suggested agreement shall also cover certain provisions in connection with the security and confidentiality of data and information. A clause may also be added about the external auditing and who will responsible for task of an acceptable by the service provider, in particular, in relation to the sensitive data like the personal date. The customer may be requested to continue to access the servers exclusively found in the European Union and provide the necessary control over such obligation.

As for how to prove the rights of the parties in the cloud contracts, we believe that such proof may be provided in form of written note document (original) to sub stantiate certain legal acts. Whereas the electronic transactions are based on contracting without paper documents, the issue of substantiation may constitute an obstacle to their development. Following are the conditions for acceptance of the electronic written documents in evidence:

  • The evidence shall be in writing whether electronic or traditional writing. It is required that such writing shall be sufficient to identify who write such document. The literal or written evidence is the result of a series of letters, numbers, any sign, or other symbol having discernible meaning regardless the means of its transmission or style.

  • The evidence shall be electronically signed in a way that prove the indent of the person who signed such document by devoting his will to abide by what he has already signed.

The legal characterization of the Cloud Contracts

The importance of the legal characterization in the cloud contracts lies in rooting and adapting such contract on flexible and expressive legal frames covering all multiple possibilities of the electronic transactions in line with legal provisions.

The question which arises is that what is the legal characterization of the cloud contracts and what are the legal consequences of such characterization?

At first, as regards to the reference to the cloud contracts as “sale contracts”, we would like to point out that the sale contract normally creates an obligation to transfer the deed of anything or financial right against a price. It is also not possible to classify the cloud contracts as sales contracts for the consideration of the technical trade and the specialty of service only. Additionally, the provider of cloud services provides such service especially for the account of the user. Furthermore, cloud services cannot be deemed as goods but rather a service by nature and cannot be sold in future.

We feel that the valid legal characterization of the cloud services is that such contracts should be considered as contract agreements. The cloud contract’s subject is the service requested by the user and provided by the service provider. The former needs such service for his/her professional or personal work while the later specially provides the same to the user. Thus, it is what allow us to consider the cloud contract as a contract agreement. The subject of the cloud contract is the service and the parties are the service provider (the contractor) and the end user (the employer). There is nothing to prevent contracting from being an electronic service and the nature of the contracting is not required to be material.

The UAE legislator defines the contract agreement as per the Article No. 872 of the UAE Civil Code as (Contract for work is one by virtue of which one of the parties undertakes to do a piece of work in consideration of a remuneration which the other party undertakes to pay). The Article No. 890 of the same law stipulates that: When an excuse arises that prevents the execution of the contract, or the completion of its execution, any of the contracting parties may ask for its rescission or termination, as the case may be. The contract agreement is an obligation to do something or to perform a work. Such definition is applicable on the cloud services. This the contract agreement is quietly in consistent with the nature of the cloud transactions under which the service provider undertake to provide certain electronic services to the user. Additionally, the contract agreement may extend in terms of the subject, to accommodate the modern kinds of services rendered by the professional service provider to the user in a format of netting. This is one of the important feature of the contract agreement which may accommodate the modern legal transactions including the cloud contracts (Malaurie, 2004).

However, the classification of the cloud contracts as contract agreement may face some obstacles and most importantly is that the contract agreements are netting contract and that is not in consistent with the nature of the cloud contracts in many cases. In addition, the cloud user sometimes, obtains the service free of charges while in the contract agreement, the subject of the mutual commitment in the contract agreement within a dual service, requires that the same should be provided against a consideration.

The above is confirmed by the French legislator under Article I, paragraph (1), of Directive 98/34/EC as amended on 22 June 1998 which defines the digital service as the service rendered by the provider against consideration. Under paragraph 2 the service’ as defined as any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of any of the following services:

  • On-line service as digital service that enables the consumers or the professionals to conclude a contract of sale or on-line service from the website of the on-line market or the website of the professional who deals with the services offered on the on-line market.

  • Internet Research Engine as digital service that enable the users to search about the websites with specified language after making an inquiry about any subject with one main word or phrase. The engine displays several links relevant to the subject of the search from which the required information may be found about the subject.

  • Cloud Service: It is a digital service that provides access to changeable and variable group of computers resources which can be shared.

Under the above provision, the cloud service should be provided against a consideration in order to be classified as contract agreement. The lack of consideration eliminates the classification of the cloud contract as a contract agreement. The cloud contracts are not a part of the consumer contract because under the latter contract the consumer shall pay the consideration of service provided from the other party. However, in the cloud contract the service is provided free of charge and the consumer pay nothing against such service.

We see that the failure to account of the characterization of the cloud contract as a contract agreement commensurate with the nature of the cloud contact at the present time. The service provider of the cloud service is mostly a trade company or professional organization with its service rendered to the consumers does not necessarily aim at collecting a price against the same. However, it aims at accessing to the personal date trade because the personal data of any consumer is considered as commercial material of financial value. The trade companies or the advertisers use such personal data to target the cloud service users later with their targeted ads. For instance, Facebook provides detailed about its cloud users such as their interests, businesses and characters. Thus, they become sortable by the advisers as per their purchasing and consumption interests before being communicated with through their electronic addresses.

The Legal Problems facing the conclusion of Cloud Computing Contracts

There are many legal problems facing the process of concluding cloud contract which shall be avoided upon drafting any provisions of cloud contracts. For most among these problems are:

The difficulty to identify where the cloud computing is located:

The cloud computing is located in the place where data and information are located. Legally, it is difficult to specify a specific place for the cloud computing. In spite of the fact that the servers contained the data bases are located in specified places such as the data bases of Google Company located in USA, however, the data stored in such servers are shared between many various data storage centers beyond the geographical boundaries. That raises difficulties in locating such data stored in cloud systems as well as obstacles in specify the law and jurisdiction to solve any dispute arisen in connection with such data due to the difficulty in locating the data bases (Mowbray, 2009).

For instance, Amazon’s provider of the cloud services allows its users to automatically store their data in specified clouds as per their geographical borders. However, the service providers at other cloud companies stipulate the user’s consent shall be obtained the conversion of the data from other clouds as per the difference in the geographical region. For example. Microsoft stipulates in their cloud contracts that the personal data collected in their clouds should be stored in USA or any other contrives in which Microsoft has branches or data bases. Similar as what happens when an electronic website or an e-mail is launched an electronic safe is opened, the provider of such service shall specify, in advance, the governing law and the competent court in the contract.

Originally, the competent law governing the cloud contract should be specified. The specification is subject to the rules of the autonomy of will in respect of the selection of the law applicable on the international contract or the so-called “the law of will” (Al Abasiri, 2003, p.295).

In case the parties do not agree to the applicable law or the jurisdiction, it can be resorted to the language of the contract or making reference to the jurisdiction of a country or any other traditional rules stated in the contract as per the rules of the international law in order to specify the applicable law. Such determination shall be subject to the judge’s discretion.

In the event that cloud computing deals are entered into with direct exchange of offer and acceptance i.e. Al Mo’atat (Fixed price sale mutual or reciprocal delivery) as happens in the search engine of Google which normally resorts to the presumed will of contracting from which the judge assesses its determination of certain law applicable to the contract. We are not talking here about implied will because the existence of the implied will is confirmed and it is shown up upon any dispute. However, the implied will initially does not exist but it appears in common domicile of the contracting parties and the place where the contract is made. It should be noted that the common domicile is less efficient as mechanism of attribution in the cloud contracts due to the dominant international nature in such contracts (Trabi, 2018, p. 8).

The difficulty to identify the controller of the data stored in cloud network:

One of the major problems of the cloud computing is identifying the controller of the data stored in cloud network and how it can be differentiated from the Data Processor. The difficulty here lies on the fact that the data and information in the cloud computing are belonged to the user however, they are stored in cloud data bases belonged to the service provider and made available through its software.

Here, a question arises about who is the controller of such data, is it the user or the provider? The importance of the answer to this question lies in determining who will be held liable for the contents of the data stored in the cloud data bases if such contents are not in conformity with the law as well as who will bear the responsibility for leaking of any information if that happens?

We believe that the cloud user is responsible for and controller of the cloud data and not the service provider for purpose of demining the responsibility for the cloud contents. This belief may be justified by the fact that such data and information are downloaded and uploaded by the end user and eventually stored in the clouds belonged to the service provider. The end user alone has the right to change or remove such data. The role of the service provider is limited to the maintenance, processing, valuation and management of the contents of the data available on the cloud data bases.

For instance, the standard contract of YAHOO provides for that the end user shall be held liable for its personal data as well as any other information and data saved by the user in the clouds as YAHOO’s role is limited to the processing of such data. Google won an important court case in Australia when the country’s High Court ruled that the Google did not violate fair trade law by allowing companies to purchase AdWords containing their competitor’s names. The High Court ruled unanimously in favor of Google, overturning a previous ruling from the Federal Court, which had ordered the company to set up a compliance program to make sure paid ads on its search engine are not misleading. The court recognized that such case does not expose the company to any legal liability even if such ads are considered as infringement by the third party to another one on the basis of the fact that the controller of the data published on Google clouds is the end user who enter such data in the clouds. Accordingly, the user shall be held liable of such data. Google as search engine is just a data processor and it is not under any obligation to assess the validity of the same (Musil, 2013).

The protection of the privacy and the safety of the personal data in the cloud computing:

One of the major concerns over the conclusions of cloud contracts is the protection of the data of the user against the loss, sabotage or the infringement of privacy. Logging onto cloud computing requires that the user shall fill certain data predetermined by the service provider including the user’s personal data, banking details as visa cards and bank accounts. Such data may extend to cover the trade secrets of the companies. The extent of the importance of such obligation increases with the increase in the importance and value of data circulating on the internet and those stored in clouds.

We see that it is the obligation of the provider to ensure the safety, maintenance and the protection of these data against any change or amendment by any third party by ensuring that no unauthorized user shall access to the cloud data not belonged to him/her. It is also the responsibility of the provider to ensure the protection of the data upon converting the same from /to other cloud computing. The duty of the provider to maintain the data is an obligation of due diligence and not of result. It is an obligation that lies with the service nature. It is inconceivable a cloud service based on private data may be provided without protection of the same.

It is our opinion that the service provider shall do the necessary due diligence to ensure the confidentiality of the data and information stored in the clouds and prevent any unauthorized access or changes. We therefore, recommend the following of the cloud service provider:

  • The users should be obliged to accurately and clearly specify their data and information stored in the clouds.

  • The cloud service provider shall advise the cloud users of the security, technical and legal requirements.

Based on the above presentation, we would like to recommend providing the following regulating conditions in the cloud service contracts:

  • The cloud service provider shall introduce the users to the available means which may be used by them to restrict or limit the access to certain services.

  • The cloud service provider shall not be held liable for the data stored in the clouds at the request of the service user in the event that the service provider had no prior knowledge of such unlawful activity or information.

  • There are certain details should be made available in the cloud service contract ascertain the truth of the parties’ identification upon receiving any request for withdrawal of any data from the cloud storage system. Such required details include, without limitation, for the natural person, the name, profession, address, nationality and date of birth. However for the legal person, the required details cover the name, the legal nature of such legal person, the name of the legal representative of such person and the electronic and traditional contact address.

  • It should be stipulated that the service provider is not obliged to arrange any control or monitoring of the data and information stored or sent through the cloud applications. The provider also is not about to look for the validity of the data stored in the clouds.

Conclusions

The cloud computing is an electronic service provided by the service provider to the end user through several legal transactions conducted via modern digital means featured with fast and easy moving from the pre-contracting stage to the post-contracting stage in a way which might just appear to be as a mere communication, however, in fact it is a legal contracting.

The cloud contracts have several advantages which make such contracts featured with a range of characteristics and different in nature to the other electronic contracts. Based on the above facts we have reached a set of conclusions and recommendation which can be summarized as follows: The cloud contracts are consensual ones as there is no difference between the consent capacity and the adhesion capacity in the cloud contracts. And, the cloud contracts have no special legal regulation. So such contracts are applied and governed under the general contracting rules in the Civil Transactions Law as per the capacities of the contracting parties, although the special rules of the electronic transaction law may be also applicable on the same. The accurate classification of the cloud contracts is that they should be considered as contracting contracts and not sale contracts.

References

Expert Group Report (2010). The future of cloud computing. http://cordis.europa.euLinks ]

Jeffrey, R., & Andrew, H. (2011). Market space Point of view, Envisioning the Cloud, the next Computing Paradigm. http://marketspacenext.files.wordpress.comLinks ]

King, R. (2008). Cloud Computing: Small Companies Take Flight. BusinessWeek Online. [ Links ]

Linthicum, D. (2011). Why the hybrid cloud model is the best approach. https://www.infoworld.com/article/2625289/why-the-hybrid-cloud-model-is-the-best-approach.htmlLinks ]

Malaurie, P. A. (2004). Les contrats spéciaux. Defrénois, no 700. [ Links ]

Mell, P., & Grance, T. (2009). National Institute of Standards and Technology, The NIST Definition of Cloud Computing. 2. http://csrc.nist.gov/publications/drafts/800-145/Draft SP-800-145_cloud-definition.pdfLinks ]

Mowbray, M. (2009). The Fog over the Grimpen Mire: Cloud Computing and the Law. LABS HP. https://www.hpl.hp.com/techreports/2009/HPL-2009-99.pdfLinks ]

Musil, S. (2013). Google wins landmark AdWords case in Australia. https://www.cnet.com/tech/services-and-software/google-wins-landmark-adwords-case-in-australia/Links ]

Peter, M., & Timothye, G. (2011). The NIST Definition of Cloud Computing: Recommendations of the NIST. US Department of Commerce, 1. [ Links ]

Reed, C., & Angel, J. (2007). Computer Law: The Law and Regulation of Information Technology 6th ed. UK: Oxford University Press. [ Links ]

Schick, S. (2008). Five ways of defining cloud computing. http://www.itworldcanada.comLinks ]

Trabi, M.A. (2018) - The legal regularization of the cloud contracts under the Jordanian law - The Jordanian Magazine of the Applied Sciences -The Human Sciences Serious, 83(17)3. [ Links ]

Sayed, R. F. - (2013)- The open-resource Cloud System - The Iraqi IT Magazine 5(2), 21. [ Links ]

Al Abasiri, F (2003)- The Contract of Subscription to the Electronic Data Bases - Cairo - Al Nahda Al Arabia Publication Home [ Links ]

Received: April 02, 2023; Accepted: June 07, 2023

*Autor para correspondencia E-mail: Ahmed_aldabosy@yahoo.com

El autor declara no tener conflictos de intereses.

El autor participó en la búsqueda y recopilación de la información, redacción y revisión del artículo.

Creative Commons License