The Legal Background to Cloud Computing

Thursday 8 November 2012, 6.00pm

The Davidson Building, 5 Southampton Street, London WC2E 7HA. The nearest underground stations are Covent Garden and Charing Cross.

Kuan Hon


Cloud computing looks set to become mainstream. Security is often raised in the context of cloud, but using cloud also carries legal risks. This talk will provide an overview of key legal concerns that cloud users may wish to bear in mind, with some related practical points.

What legal risks may arise when signing up for cloud services? The Cloud Legal Project is a 3-year project established to examine legal issues in cloud computing. A survey by the Project of some 30 sets of provider terms and conditions found that many cloud contracts, offered on providers' standard terms of service, were generally provider-favourable, and some terms may even be invalid. Can users negotiate cloud contract terms? What areas have been considered most problematic by users in practice? This talk will report on subsequent CLP research into negotiated cloud contracts, and the kinds of terms users have sought to change in order better to meet their commercial and legal needs. For example, users had issues regarding provider liability, and exit and lock-in when terminating the service. This research, indicating some evolution in the cloud market, was primarily based on in-depth interviews with a varietyof global and UK cloud market players including users and systems integrators as well as service providers. Research on the UK G-Cloud v1 programme, piloting a CloudStore for public sector buyers, will also be reported, including lessons learned regarding public procurement law issues for the public sector as well as contractual issues.

What are a user's main rights and responsibilities when using cloud services to store or process data or to deploy and run applications? This talk will outline some aspects of information ownership in the cloud, including rights to intellectual property created using cloud services. Also, EU data protection law requirements may apply when processing "personal data" in the cloud, including the much-publicised restriction on transferring personal data outside the European Economic Area, which is often raised in the context of cloud. There are possible solutions such as US Safe Harbor, but how well do they work? These and proposed EU changes to data protection law will be discussed. Other data protection law issues relevant to cloud usage will also be outlined. Access to cloud data by the service provider, or disclosure to third parties such as law enforcement authorities under the US PATRIOT Act, will be covered. Finally, some legal risks arising from a cloud user's own end users will be mentioned.

This meeting has been organised as a joint meeting with the BCS Law Specialist Group, but will be aimed at a technical audience with no specialist legal training. Come and find out what might hurt your next Cloud project before it's too late!

This talk will not be recorded. Please book early to ensure your place. For papers relating to the Cloud Legal Project, please see

About the Speaker:

Kuan Hon, MA (Cantab), LLM (UPenn), MSc (Imperial), LLM (Queen Mary), is consultant to the Cloud Legal Project at the Centre for Commercial Studies, Queen Mary, University of London, and a joint law and computer science PhD candidate at Queen Mary. Kuan is a non-practising English solicitor and New York attorney. Before taking a Master's in Computing Science at Imperial College London and moving into technology law, Kuan was a finance and insolvency lawyer in the City of London. Kuan has given numerous presentations on cloud computing, including several at CloudCamp London.


Free. To gain admission please email your name to our Membership Secretary, Algirdas Pakstas, at in advance of the meeting. Attendance lists will normally be finalised on the Monday preceding each meeting but late admission may be accepted by signing in to the Davison Building as a visitor.


View the slides for this event (PDF)