Monday, February 27, 2012

From the Experts: Cloud Computing's Hidden Export Regulation Risks




http://ow.ly/9jgAC

An article by Chad Breckinridge posted on law.com on the Corporate Counsel webpage.

This article discusses the use of cloud computing, and touches on how government regulations apply to data in the cloud.

The article states, "Thousands of Americans export data overseas every day without U.S. government authorizations and don’t even know it. How? By using cloud-computing services, ranging from personal services like Gmail to large-scale enterprise data storage solutions. While cloud-based services have become a valuable tool for improving efficiency, outdated government regulation leaves cloud users exposed."

The article further discusses the lack of clarity in the current regulations, "Of the U.S. agencies that regulate exports, only one—the Bureau of Industry and Security (BIS) within the Commerce Department—has provided even limited guidance on cloud computing. This dearth of guidance highlights the compliance challenge and also reflects a tacit acknowledgment that the existing regulations are poorly suited for this evolution in data handling.
BIS has released two cloud-computing advisories, both in the form of letters responding to requests submitted by unnamed cloud providers (not cloud users). The first letter, from January 2009, implicitly concluded that cross-border transmissions are exports, but it explained that the cloud service provider isn’t the exporter. This, BIS explained, is because the provider doesn’t receive the primary benefit of the transaction. BIS further reasoned that cloud providers’ services are not subject to the EAR because the provider is not shipping or transmitting anything (commodity, technology, or software) to the user. While helpful for cloud providers, BIS’s conclusions beg the question of whether a cloud user would be considered an exporter subject to the EAR."

No comments:

Post a Comment