Hej DFRI-listan,
Jag tänkte värma upp med att komma tillbaka från semestern med
en "INI-rapport" i mitt utskott JURI i EP.
Unleashing the
potential of cloud computing in Europe 2013/2063(INI)
http://parltrack.euwiki.org/dossier/2013/2063%28INI%29
Ändringsförslag
mottages tacksamt innan deadline 30 augusti.
mvh
//Erik
DRAFT OPINION of the Committee on Legal
Affairs for the Committee on Industry, Research and Energy
on Unleashing the Potential of Cloud Computing in Europe
(2013/2063(INI))
Rapporteur(*): Lidia Joanna Geringer de Oedenberg
(*) Associated committees – Rule 50 of the Rules of
Procedure
SUGGESTIONS
The Committee on Legal Affairs calls on the Committee on
Industry, Research and Energy, as the committee responsible,
to incorporate the following suggestions in its motion for a
resolution:
1. Urges the Commission to take action to further
harmonise laws across the Member States in order to avoid
jurisdictional confusion and fragmentation and to improve
the transparency of the digital single market;
2. Calls on the Commission to review other EU
legislation to address gaps related to cloud computing;
calls, in particular, for the revision of the intellectual
property rights regime, the Unfair Commercial Practices
Directive, the Unfair Contract Terms Directive and the E-Commerce Directive, which
are the most relevant pieces of EU legislation that apply
to cloud computing;
3. Calls on the Commission to establish a clear legal
framework in the field of copyright content in the cloud,
especially with regard to licensing regulations;
4. Stresses that, owing to uncertainties regarding
applicable law and jurisdiction, contracts are the main
tools for establishing relations between cloud providers
and their customers, and that there is therefore a clear
need for common European guidelines in that field;
5. Calls on the Commission to work together with the
Member States to develop European best practice models for
contracts, or ‘model contracts’, that will ensure complete
transparency by providing all terms and conditions in a
very clear format;
6. Calls on the Commission to develop, together with
stakeholders, voluntary certification schemes for provider
security systems which would help to harmonise practices
across cloud providers and which would make clients more
aware of what they should expect from cloud service
providers;
7. Stresses that, owing to jurisdiction problems,
European consumers are in practice unlikely to be able to
seek redress from cloud services providers in other
jurisdictions; calls therefore, on the Commission to
provide adequate means for redress in the consumer
services area, since there is a strong imbalance of power
between consumers and providers of cloud computing;
8. Calls on the Commission to ensure a speedy
implementation of Alternative Dispute Resolution and
Online Dispute Resolution and to make sure that consumers
are equipped with adequate means of collective redress
against security and privacy breaches as well as against
illegal contract provisions for cloud services.
SHORT JUSTIFICATION
Your rapporteur welcomes the Commission’s Communication, but
considers it appropriate, in order to ensure that upcoming
legislation will be operative, to call on the Commission to
make certain provisions more stringent and to look at the
problem together with all other legislation that may assist
in eliminating barriers and unlocking its full potential.
Cloud computing has a huge potential and should provide
benefits for business, citizens and the public sector1 but,
as a new model of networked computing, poses some legal and
contractual risks. Among other concerns, such as security or
supplier lock-in, there is major concern among both service
providers and users regarding the lack of standardisation
which would be required for a single market across Europe,
the diversity of relevant legislation across Europe,
currently unclear contract provisions and the lack of clear
rules on intellectual property rights (IPR).
Recent research shows that 48 % of managers in both the
private and the public sectors are aware that the
implementation of cloud computing can speed up and
facilitate their work. More than half of them have not,
however, introduced any procedures to minimise business
risks such as identity theft.
The biggest threat in the cloud are so called ‘insiders’,
those working in the establishments providing cloud
services, who have access to customer data, followed by
other tenants of the service provider in the cloud, notably
in case of a breakdown of isolation mechanisms.
The EU digital single market remains fragmented due to
differing legal regimes among the Member States, and when it
comes to IPR only a limited level of harmonisation has taken
place in the wake of the Copyright Directive. Action must
therefore be targeted to address the issue of cloud services
that depend on a uniform IPR regime to cross borders. The
proposals on collective rights management and the private
copy levy must take into account the development of new
technologies, in particular cloud computing services, and
clarify the rules for securing IPR in a digital environment.
According to the recent Commission public consultation on
cloud computing, the legal regime was unclear to respondents
in 90 % of cases. There is general confusion among
stakeholders regarding rights and responsibilities in
cross-border cloud computing situations, in particular with
regard to matters relating to liability and jurisdiction.
Coupled with the fragmentation of the internal market, this
calls for further harmonisation of laws across the Member
States, in particular by eliminating gaps and weaknesses in
applicable EU legislation, notably the Unfair Commercial
Practices Directive and the Unfair Contract Terms Directive
in terms of consumer protection, and the E-Commerce
Directive when it comes to exemptions from private copy
levies.
Consumers and SMEs who want to make use of public clouds are
often faced with ‘take-it-or-leave-it’ contracts, most often
tick-box agreements. The Commission should therefore,
together with the Member States, consider introducing
clearer rules or model contracts. There is a need for
guidelines and standardised model contract schemes setting
out the key terms and conditions that are important to
users, while increasing transparency.
Cloud users should furthermore be able to evaluate any cloud
service offer on the basis of standardised procedures
regarding the security and warranties provided by the
service,
so-called Service Level Agreements (SLA). A voluntary
certification scheme enabling users to evaluate and compare,
in a simple manner, the level of conformity to standards,
interoperability and the security systems of cloud services
should therefore be implemented at European level, taking
into account the differences encountered in these respects
at the three different levels of service: Infrastructure as
a Service (IaaS), Platform as a Service (PaaS) and Software
as a Service (SaaS). The first case concerns security
equipment, supply lines, data, etc. In the second case,
responsibility for security largely lies with the client,
who should adequately protect their data. In the third,
responsibility lies with the supplier.
The provision of adequate means of redress for users when it
comes to cloud computing service providers is necessary, in
particular in the consumer service area. Owing to
jurisdictional problems, European consumers are currently in
practice unlikely to be able to seek redress from the
service provider. The Commission should therefore speed up
the implementation of Alternative and Online Dispute
Resolution and forms of collective redress in order to
facilitate the solving of conflicts in this area faced by
users, without putting too much additional pressure on
national courts.