Hej DFRI-listan,
Jag tänkte värma upp med att komma tillbaka från semestern med en "INI-rapport" i mitt utskott JURI i EP.
*Unleashing the potential of cloud computing in Europe2013/2063(INI)** *http://parltrack.euwiki.org/dossier/2013/2063%28INI%29
Ändringsförslag mottages tacksamt innan deadline 30 augusti.
mvh
//Erik
DRAFT OPINION of the Committee on Legal Affairs for the Committee on Industry, Research and Energy on Unleashing the Potential of Cloud Computing in Europe (2013/2063(INI)) Rapporteur(*): Lidia Joanna Geringer de Oedenberg (*) Associated committees -- Rule 50 of the Rules of Procedure
SUGGESTIONS The Committee on Legal Affairs calls on the Committee on Industry, Research and Energy, as the committee responsible, to incorporate the following suggestions in its motion for a resolution:
/1. Urges the Commission to take action to further harmonise laws across the Member States in order to avoid jurisdictional confusion and fragmentation and to improve the transparency of the digital single market;// // //2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime, the Unfair Commercial Practices Directive, the Unfair Contract Terms Directive and the////E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing;// // //3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;// // //4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;// // //5. Calls on the Commission to work together with the Member States to develop European best practice models for contracts, or 'model contracts', that will ensure complete transparency by providing all terms and conditions in a very clear format;// // //6. Calls on the Commission to develop, together with stakeholders, voluntary certification schemes for provider security systems which would help to harmonise practices across cloud providers and which would make clients more aware of what they should expect from cloud service providers;// // //7. Stresses that, owing to jurisdiction problems, European consumers are in practice unlikely to be able to seek redress from cloud services providers in other jurisdictions; calls therefore, on the Commission to provide adequate means for redress in the consumer services area, since there is a strong imbalance of power between consumers and providers of cloud computing;// // //8. Calls on the Commission to ensure a speedy implementation of Alternative Dispute Resolution and Online Dispute Resolution and to make sure that consumers are equipped with adequate means of collective redress against security and privacy breaches as well as against illegal contract provisions for cloud services.// /
SHORT JUSTIFICATION Your rapporteur welcomes the Commission's Communication, but considers it appropriate, in order to ensure that upcoming legislation will be operative, to call on the Commission to make certain provisions more stringent and to look at the problem together with all other legislation that may assist in eliminating barriers and unlocking its full potential.
Cloud computing has a huge potential and should provide benefits for business, citizens and the public sector1 but, as a new model of networked computing, poses some legal and contractual risks. Among other concerns, such as security or supplier lock-in, there is major concern among both service providers and users regarding the lack of standardisation which would be required for a single market across Europe, the diversity of relevant legislation across Europe, currently unclear contract provisions and the lack of clear rules on intellectual property rights (IPR).
Recent research shows that 48 % of managers in both the private and the public sectors are aware that the implementation of cloud computing can speed up and facilitate their work. More than half of them have not, however, introduced any procedures to minimise business risks such as identity theft.
The biggest threat in the cloud are so called 'insiders', those working in the establishments providing cloud services, who have access to customer data, followed by other tenants of the service provider in the cloud, notably in case of a breakdown of isolation mechanisms.
The EU digital single market remains fragmented due to differing legal regimes among the Member States, and when it comes to IPR only a limited level of harmonisation has taken place in the wake of the Copyright Directive. Action must therefore be targeted to address the issue of cloud services that depend on a uniform IPR regime to cross borders. The proposals on collective rights management and the private copy levy must take into account the development of new technologies, in particular cloud computing services, and clarify the rules for securing IPR in a digital environment.
According to the recent Commission public consultation on cloud computing, the legal regime was unclear to respondents in 90 % of cases. There is general confusion among stakeholders regarding rights and responsibilities in cross-border cloud computing situations, in particular with regard to matters relating to liability and jurisdiction. Coupled with the fragmentation of the internal market, this calls for further harmonisation of laws across the Member States, in particular by eliminating gaps and weaknesses in applicable EU legislation, notably the Unfair Commercial Practices Directive and the Unfair Contract Terms Directive in terms of consumer protection, and the E-Commerce Directive when it comes to exemptions from private copy levies.
Consumers and SMEs who want to make use of public clouds are often faced with 'take-it-or-leave-it' contracts, most often tick-box agreements. The Commission should therefore, together with the Member States, consider introducing clearer rules or model contracts. There is a need for guidelines and standardised model contract schemes setting out the key terms and conditions that are important to users, while increasing transparency.
Cloud users should furthermore be able to evaluate any cloud service offer on the basis of standardised procedures regarding the security and warranties provided by the service, so-called Service Level Agreements (SLA). A voluntary certification scheme enabling users to evaluate and compare, in a simple manner, the level of conformity to standards, interoperability and the security systems of cloud services should therefore be implemented at European level, taking into account the differences encountered in these respects at the three different levels of service: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The first case concerns security equipment, supply lines, data, etc. In the second case, responsibility for security largely lies with the client, who should adequately protect their data. In the third, responsibility lies with the supplier.
The provision of adequate means of redress for users when it comes to cloud computing service providers is necessary, in particular in the consumer service area. Owing to jurisdictional problems, European consumers are currently in practice unlikely to be able to seek redress from the service provider. The Commission should therefore speed up the implementation of Alternative and Online Dispute Resolution and forms of collective redress in order to facilitate the solving of conflicts in this area faced by users, without putting too much additional pressure on national courts.
Lite spridda kommentarer nedan.
//2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime,
Ja, här isar det ju till i tänderna lite. Jag får intrycket att mycket av hela denna cloud push är för att försöka skaka fram så många europeiska patent som möjligt inom detta område, vilket ju inte är något lovvärt.
the Unfair Commercial Practices Directive,
Vad i jösse namn nu detta kan vara...
the Unfair Contract Terms Directive and the////E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing;// // //3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;//
Jesus, märgen fryser till is här.
//4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;//
Nej nej nej, collaboration and trust är mycket viktigare. Dags att läsa agila manifestet, tror jag:
Cloud computing has a huge potential and should provide benefits for business, citizens and the public sector1 but, as a new model of networked computing, poses some legal and contractual risks. Among other concerns, such as security or supplier lock-in, there is major concern among both service providers and users regarding the lack of standardisation which would be required for a single market across Europe, the diversity of relevant legislation across Europe, currently unclear contract provisions and the lack of clear rules on intellectual property rights (IPR).
Här kommer detta med IPR igen. Jag har sjukt svårt att se relevansen här. Jag sysslar med mjukvara, och har väldigt svårt att se vad IPR har med det hela att göra. Annat än att ANVÄNDARE av molnet kan spara sina piratkopierade filmer där.
Recent research shows that 48 % of managers in both the private and the public sectors are aware that the implementation of cloud computing can speed up and facilitate their work. More than half of them have not, however, introduced any procedures to minimise business risks such as identity theft.
What? Identity Theft? Hurdå? Om de deployar sina applikationer själva, på egna servrar, så blir det halvbra gjort. Om de deployar sina appar i molnet så har de hundratals säkerhets- experter som inte har annat för sig än att se till att deras moln inte kan hackas.
The biggest threat in the cloud are so called ‘insiders’, those working in the establishments providing cloud services, who have access to customer data, followed by other tenants of the service provider in the cloud, notably in case of a breakdown of isolation mechanisms.
Ja, kanske det, men det är inte sant att de som äger moln har access till sina kunders data. Så är det ju inte om datat är krypterat hos kunderna hela vägen ut i molnet. De snyggaste exemplen på det är ju:
* http://www.wuala.com * https://leastauthority.com
The EU digital single market remains fragmented due to differing legal regimes among the Member States, and when it comes to IPR only a limited level of harmonisation has taken place in the wake of the Copyright Directive. Action must therefore be targeted to address the issue of cloud services that depend on a uniform IPR regime to cross borders. The proposals on collective rights management and the private copy levy must take into account the development of new technologies, in particular cloud computing services, and clarify the rules for securing IPR in a digital environment.
Jag osäkrar min browning, nu!
Mats
Hallå Ja, det budskap jag ser i texten i ditt mejl är egentligen en begäran om att centralisera och öka regelverken för cloud computing. Utökad (europeisk) lagstiftning och centralisering är inte alltid förenligt med idéer om ett användarstyrt Internet. Jag tror att det behövs en bättre definition av vad man vill åstadkomma (än begreppet cloud computing) innan man börjar tala lagstiftning.
Som Mats skriver kommer begreppen "copyright content in the cloud" lite väl ofta för att det ska vara bekvämt.
Godkänner man den här formuleringen: "...and the private copy levy must take into account the development of new technologies,Š" så har man i praktiken redan godkänt förekomsten av, och centraliserade regler för, kassettskatten (copy levy).
Idag pågår en stark offensiv när det gäller en utökad kassettskatt, men den sker i alla fall decentraliserat ( i resp. MS). Decentraliseringen bidrar åtminstone till att söndra den offensiven. "copyright content in the cloud" syftar nog till att stärka det arbetet.
Några funderingar :-) Staffan
Den 2013-08-27 19:48 skrev Mats Henricson mats@henricson.se:
Lite spridda kommentarer nedan.
//2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime,
Ja, här isar det ju till i tänderna lite. Jag får intrycket att mycket av hela denna cloud push är för att försöka skaka fram så många europeiska patent som möjligt inom detta område, vilket ju inte är något lovvärt.
the Unfair Commercial Practices Directive,
Vad i jösse namn nu detta kan vara...
the Unfair Contract Terms Directive and the////E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing;// // //3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;//
Jesus, märgen fryser till is här.
//4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;//
Nej nej nej, collaboration and trust är mycket viktigare. Dags att läsa agila manifestet, tror jag:
Cloud computing has a huge potential and should provide benefits for business, citizens and the public sector1 but, as a new model of networked computing, poses some legal and contractual risks. Among other concerns, such as security or supplier lock-in, there is major concern among both service providers and users regarding the lack of standardisation which would be required for a single market across Europe, the diversity of relevant legislation across Europe, currently unclear contract provisions and the lack of clear rules on intellectual property rights (IPR).
Här kommer detta med IPR igen. Jag har sjukt svårt att se relevansen här. Jag sysslar med mjukvara, och har väldigt svårt att se vad IPR har med det hela att göra. Annat än att ANVÄNDARE av molnet kan spara sina piratkopierade filmer där.
Recent research shows that 48 % of managers in both the private and the public sectors are aware that the implementation of cloud computing can speed up and facilitate their work. More than half of them have not, however, introduced any procedures to minimise business risks such as identity theft.
What? Identity Theft? Hurdå? Om de deployar sina applikationer själva, på egna servrar, så blir det halvbra gjort. Om de deployar sina appar i molnet så har de hundratals säkerhets- experter som inte har annat för sig än att se till att deras moln inte kan hackas.
The biggest threat in the cloud are so called Œinsiders¹, those working in the establishments providing cloud services, who have access to customer data, followed by other tenants of the service provider in the cloud, notably in case of a breakdown of isolation mechanisms.
Ja, kanske det, men det är inte sant att de som äger moln har access till sina kunders data. Så är det ju inte om datat är krypterat hos kunderna hela vägen ut i molnet. De snyggaste exemplen på det är ju:
The EU digital single market remains fragmented due to differing legal regimes among the Member States, and when it comes to IPR only a limited level of harmonisation has taken place in the wake of the Copyright Directive. Action must therefore be targeted to address the issue of cloud services that depend on a uniform IPR regime to cross borders. The proposals on collective rights management and the private copy levy must take into account the development of new technologies, in particular cloud computing services, and clarify the rules for securing IPR in a digital environment.
Jag osäkrar min browning, nu!
Mats
Tack för feedback! Mycket inspirerande.
Jag rensade upp i texten lite, men har inte lagt till nåt särskilt. Nåt som borde poängteras (tex PRISM...)?
Quick and dirty clean up: http://euwiki.org/w/index.php?title=INI%2F2013%2F2063&diff=16466&old...
//Erik
Original [[INI/2013/2063]] + Amended [[INI/2013/2063]]
- 1. Urges the Commission to take action to further harmonise laws across the Member States in order to avoid jurisdictional confusion and fragmentation and to improve the transparency of the digital single market; + 1. Urges the Commission to take action to further harmonise laws across the Member States in order to avoid jurisdictional confusion and fragmentation and to ensure transparency in the digital single market;
- 2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime, the Unfair Commercial Practices Directive, the Unfair Contract Terms Directive and the E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing; + 2. Calls on the Commission to review all EU legislation related to cloud computing;
- 3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations; + 3. Calls on the Commission to establish a clear legal framework for the cloud, especially with regard to fundamental rights;
4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field; 4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;
- 5. Calls on the Commission to work together with the Member States to develop European best practice models for contracts, or ‘model contracts’, that will ensure complete transparency by providing all terms and conditions in a very clear format; + 5. Calls on the Commission to work together with the Member States to develop European best practice models for contracts to ensure transparency;
- 6. Calls on the Commission to develop, together with stakeholders, voluntary certification schemes for provider security systems which would help to harmonise practices across cloud providers and which would make clients more aware of what they should expect from cloud service providers; + 6. Calls on the Commission to develop, together with stakeholders, free and open source software, in particular for providers of security systems, which would help to harmonise practices across cloud providers and which would make clients more aware of what they should expect from cloud service providers;
- 7. Stresses that, owing to jurisdiction problems, European consumers are in practice unlikely to be able to seek redress from cloud services providers in other jurisdictions; calls therefore, on the Commission to provide adequate means for redress in the consumer services area, since there is a strong imbalance of power between consumers and providers of cloud computing; + 7. Stresses that, owing to jurisdiction problems, European consumers are in practice unlikely to be able to seek redress from cloud services providers in other jurisdictions; calls therefore, on the Commission to provide legal means for redress in the consumer services area, since there is a strong imbalance of power between consumers and providers of cloud computing; -
+ - 8. Calls on the Commission to ensure a speedy implementation of Alternative Dispute Resolution and Online Dispute Resolution and to make sure that consumers are equipped with adequate means of collective redress against security and privacy breaches as well as against illegal contract provisions for cloud services. +
Parltrack link: http://parltrack.euwiki.org/dossier/2013/2063%28INI%29 Parltrack link: http://parltrack.euwiki.org/dossier/2013/2063%28INI%29
On 08/28/2013 09:25 AM, Staffan Jonson wrote:
Hallå Ja, det budskap jag ser i texten i ditt mejl är egentligen en begäran om att centralisera och öka regelverken för cloud computing. Utökad (europeisk) lagstiftning och centralisering är inte alltid förenligt med idéer om ett användarstyrt Internet. Jag tror att det behövs en bättre definition av vad man vill åstadkomma (än begreppet cloud computing) innan man börjar tala lagstiftning.
Som Mats skriver kommer begreppen "copyright content in the cloud" lite väl ofta för att det ska vara bekvämt.
Godkänner man den här formuleringen: "...and the private copy levy must take into account the development of new technologies,Š" så har man i praktiken redan godkänt förekomsten av, och centraliserade regler för, kassettskatten (copy levy).
Idag pågår en stark offensiv när det gäller en utökad kassettskatt, men den sker i alla fall decentraliserat ( i resp. MS). Decentraliseringen bidrar åtminstone till att söndra den offensiven. "copyright content in the cloud" syftar nog till att stärka det arbetet.
Några funderingar :-) Staffan
Den 2013-08-27 19:48 skrev Mats Henricson mats@henricson.se:
Lite spridda kommentarer nedan.
//2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime,
Ja, här isar det ju till i tänderna lite. Jag får intrycket att mycket av hela denna cloud push är för att försöka skaka fram så många europeiska patent som möjligt inom detta område, vilket ju inte är något lovvärt.
the Unfair Commercial Practices Directive,
Vad i jösse namn nu detta kan vara...
the Unfair Contract Terms Directive and the////E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing;// // //3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;//
Jesus, märgen fryser till is här.
//4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;//
Nej nej nej, collaboration and trust är mycket viktigare. Dags att läsa agila manifestet, tror jag:
Cloud computing has a huge potential and should provide benefits for business, citizens and the public sector1 but, as a new model of networked computing, poses some legal and contractual risks. Among other concerns, such as security or supplier lock-in, there is major concern among both service providers and users regarding the lack of standardisation which would be required for a single market across Europe, the diversity of relevant legislation across Europe, currently unclear contract provisions and the lack of clear rules on intellectual property rights (IPR).
Här kommer detta med IPR igen. Jag har sjukt svårt att se relevansen här. Jag sysslar med mjukvara, och har väldigt svårt att se vad IPR har med det hela att göra. Annat än att ANVÄNDARE av molnet kan spara sina piratkopierade filmer där.
Recent research shows that 48 % of managers in both the private and the public sectors are aware that the implementation of cloud computing can speed up and facilitate their work. More than half of them have not, however, introduced any procedures to minimise business risks such as identity theft.
What? Identity Theft? Hurdå? Om de deployar sina applikationer själva, på egna servrar, så blir det halvbra gjort. Om de deployar sina appar i molnet så har de hundratals säkerhets- experter som inte har annat för sig än att se till att deras moln inte kan hackas.
The biggest threat in the cloud are so called Œinsiders¹, those working in the establishments providing cloud services, who have access to customer data, followed by other tenants of the service provider in the cloud, notably in case of a breakdown of isolation mechanisms.
Ja, kanske det, men det är inte sant att de som äger moln har access till sina kunders data. Så är det ju inte om datat är krypterat hos kunderna hela vägen ut i molnet. De snyggaste exemplen på det är ju:
The EU digital single market remains fragmented due to differing legal regimes among the Member States, and when it comes to IPR only a limited level of harmonisation has taken place in the wake of the Copyright Directive. Action must therefore be targeted to address the issue of cloud services that depend on a uniform IPR regime to cross borders. The proposals on collective rights management and the private copy levy must take into account the development of new technologies, in particular cloud computing services, and clarify the rules for securing IPR in a digital environment.
Jag osäkrar min browning, nu!
Mats