Jag tänkte värma upp med att komma tillbaka från semestern med en "INI-rapport" i mitt utskott JURI i EP.
Unleashing the potential of cloud computing in Europe 2013/2063(INI)Ändringsförslag mottages tacksamt innan deadline 30 augusti.
DRAFT OPINION of the Committee on Legal Affairs for the Committee on Industry, Research and Energy on Unleashing the Potential of Cloud Computing in Europe (2013/2063(INI))
Rapporteur(*): Lidia Joanna Geringer de Oedenberg
(*) Associated committees – Rule 50 of the Rules of Procedure
The Committee on Legal Affairs calls on the Committee on Industry, Research and Energy, as the committee responsible, to incorporate the following suggestions in its motion for a resolution:
1. Urges the Commission to take action to further harmonise laws across the Member States in order to avoid jurisdictional confusion and fragmentation and to improve the transparency of the digital single market;
2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime, the Unfair Commercial Practices Directive, the Unfair Contract Terms Directive and the E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing;
3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;
4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;
5. Calls on the Commission to work together with the Member States to develop European best practice models for contracts, or ‘model contracts’, that will ensure complete transparency by providing all terms and conditions in a very clear format;
6. Calls on the Commission to develop, together with stakeholders, voluntary certification schemes for provider security systems which would help to harmonise practices across cloud providers and which would make clients more aware of what they should expect from cloud service providers;
7. Stresses that, owing to jurisdiction problems, European consumers are in practice unlikely to be able to seek redress from cloud services providers in other jurisdictions; calls therefore, on the Commission to provide adequate means for redress in the consumer services area, since there is a strong imbalance of power between consumers and providers of cloud computing;
8. Calls on the Commission to ensure a speedy implementation of Alternative Dispute Resolution and Online Dispute Resolution and to make sure that consumers are equipped with adequate means of collective redress against security and privacy breaches as well as against illegal contract provisions for cloud services.
Your rapporteur welcomes the Commission’s Communication, but considers it appropriate, in order to ensure that upcoming legislation will be operative, to call on the Commission to make certain provisions more stringent and to look at the problem together with all other legislation that may assist in eliminating barriers and unlocking its full potential.
Cloud computing has a huge potential and should provide benefits for business, citizens and the public sector1 but, as a new model of networked computing, poses some legal and contractual risks. Among other concerns, such as security or supplier lock-in, there is major concern among both service providers and users regarding the lack of standardisation which would be required for a single market across Europe, the diversity of relevant legislation across Europe, currently unclear contract provisions and the lack of clear rules on intellectual property rights (IPR).
Recent research shows that 48 % of managers in both the private and the public sectors are aware that the implementation of cloud computing can speed up and facilitate their work. More than half of them have not, however, introduced any procedures to minimise business risks such as identity theft.
The biggest threat in the cloud are so called ‘insiders’, those working in the establishments providing cloud services, who have access to customer data, followed by other tenants of the service provider in the cloud, notably in case of a breakdown of isolation mechanisms.
The EU digital single market remains fragmented due to differing legal regimes among the Member States, and when it comes to IPR only a limited level of harmonisation has taken place in the wake of the Copyright Directive. Action must therefore be targeted to address the issue of cloud services that depend on a uniform IPR regime to cross borders. The proposals on collective rights management and the private copy levy must take into account the development of new technologies, in particular cloud computing services, and clarify the rules for securing IPR in a digital environment.
According to the recent Commission public consultation on cloud computing, the legal regime was unclear to respondents in 90 % of cases. There is general confusion among stakeholders regarding rights and responsibilities in cross-border cloud computing situations, in particular with regard to matters relating to liability and jurisdiction. Coupled with the fragmentation of the internal market, this calls for further harmonisation of laws across the Member States, in particular by eliminating gaps and weaknesses in applicable EU legislation, notably the Unfair Commercial Practices Directive and the Unfair Contract Terms Directive in terms of consumer protection, and the E-Commerce Directive when it comes to exemptions from private copy levies.
Consumers and SMEs who want to make use of public clouds are often faced with ‘take-it-or-leave-it’ contracts, most often tick-box agreements. The Commission should therefore, together with the Member States, consider introducing clearer rules or model contracts. There is a need for guidelines and standardised model contract schemes setting out the key terms and conditions that are important to users, while increasing transparency.
Cloud users should furthermore be able to evaluate any cloud service offer on the basis of standardised procedures regarding the security and warranties provided by the service,
so-called Service Level Agreements (SLA). A voluntary certification scheme enabling users to evaluate and compare, in a simple manner, the level of conformity to standards, interoperability and the security systems of cloud services should therefore be implemented at European level, taking into account the differences encountered in these respects at the three different levels of service: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The first case concerns security equipment, supply lines, data, etc. In the second case, responsibility for security largely lies with the client, who should adequately protect their data. In the third, responsibility lies with the supplier.
The provision of adequate means of redress for users when it comes to cloud computing service providers is necessary, in particular in the consumer service area. Owing to jurisdictional problems, European consumers are currently in practice unlikely to be able to seek redress from the service provider. The Commission should therefore speed up the implementation of Alternative and Online Dispute Resolution and forms of collective redress in order to facilitate the solving of conflicts in this area faced by users, without putting too much additional pressure on national courts.