Cloud Computing and International Laws

Cloud computing is subject to certain complexities due to the interplay of international organizations, international users, and Cloud Computing Service Providers (collectively “CCSPs”). In essence, the owners, operators, and users of CCSPs may be subject to both national and international laws.  Furthermore, as recent events have indicated, they may face risks when it comes to data privacy and security.

What does international law mean for cloud computing?

The authority that each state has in regards to jurisdiction is a grey area. For example, the Permanent Court of International Justice considers states as having no restriction on exercising jurisdiction on other states. This is the case, unless there is a prohibition under international law. For the most part, international law is considered private law, which revolves around contractual provisions. On the contrary, organizations like the European Union, which regulate cloud computing, operate under public law. For this reason, cloud computing falls under both public and private laws. Because of this, it is difficult to coin cloud computing as a public structure for the purpose of protecting against CCSPs.  Additionally, the Restatement of Foreign Relations Law, Section 403, affects jurisdictional issues. This section provides that “a state may not exercise jurisdiction to prescribe law with respect to a person or activity having connections with another state when the exercise of such jurisdiction is unreasonable.”

What does the territorial principle mean for cloud computing?

The territorial principle is classified under both subjective and objective aspects. First, the subjective aspect provides that states can enforce laws in their own geographical territories. This is important in regards to geographical territories that have had their jurisdiction extended due to consummation. The subjective aspect is important in holding CCSPs accountable for cloud computing regulations. This way, when borders are crossed, regulations are not overlooked, and liability is still assigned when data is transferred across borders. Second, the objective aspect of territorial jurisdiction extends to actions that occur in another state, but have an effect within the state that is enforcing jurisdiction. The objective aspect is important for extraterritorial jurisdiction that is applicable to cybercrimes taking place across international borders.

How does corporate citizenship factor into international laws?

Because corporations function as separate entities, there is an on-going disagreement around corporate citizenship when it comes to international law. Pursuant to 28 U.S.C. § 1332(c)(1), a corporation is a citizen of any state by which it has been incorporated and of the state where it has its principal place of business. However, this is usually not as simple as it sounds. For example, a corporation may have been incorporated in Los Angeles, California, but holds its principal place of business in another state.  Moreover, if a CCSP has a subsidiary in the country it operates in, the subsidiary would need to follow the host country’s regulations. Regardless of the citizenship of the corporation or individual utilizing the CCSP, it is important that the international laws for cloud computing become standardized.  A state must be able to regulate cloud computing while recognizing international authorities.  Hence, with the rise of technology, uniform laws should be implemented in the near future. This way, international laws for cloud computing will move towards standardization.

At our law firm, we assist clients with legal issues related to cloud computing and international laws. You may contact us to set up an initial consultation.