Cloud computing is a growing trend in India. Cloud computing relies on sharing computing resources rather than having local servers or personal devices to handle programs. In cloud computing the word ‘cloud’ is used for ‘Internet’ and therefore, the word cloud computing means an Internet-based computing, where services such as servers, application, and storage are handled through the Internet to an organization’s computers and devices. In simple words, cloud computing is a method of computing, whereby shared computing resources, software, and information are provided on demand via the internet. The infrastructure of cloud computing is controlled between a cloud provider and the customer.
Cloud Computing technique can be used in file processing, storage, accounting software, email services, hosted exchange servers, application software etc. Some of the examples of storage computing software are Dropbox, Google Drive, Cloud album; email services such as Gmail, adobe creative cloud, Exchange online, Google, Amazon, QuickBooks, GoDaddy etc. are some of the widely used cloud software. Cloud software is mainly on three models, private, public and hybrid. The Public cloud allows services to general public without any permission or separate account for example, Google, Amazon and Microsoft. Private cloud allows services and system within an organization, operated from within. The hybrid is the newly developed mixture of public and private cloud, whereby non-critical activities are performed using public cloud and the critical activities are performed by using a private cloud.
India is seeing a huge exposure in using the cloud computing technology. It’s opening new paradigm in the evolution of information technology in India, which calls attention to several issues and challenges. The main challenge is to formulate the right policies and creating a new regulatory framework to deal with the situation posed by the new technology scheme of cloud computing.
Information Technology Act, 2000 currently deals with the scheme of cloud computing for data security and privacy of the information over the internet, yet there is a severe need for amendments in the IT Act, in order to sustain the protection of sensitive information of various cloud computing models. The main conflicts include the areas of jurisdiction, privacy and security issues, IPR issues and indemnity. The question of jurisdiction becomes an issue due to the fact that the data-owner is unaware of the location where the data is actually stored. Hence, it builds a layer of risk whereby the data resides in a different jurisdiction while the legal frameworks governing is of a different jurisdiction. For example, the owner or the customer is based in India, while the cloud service provider is in America. Therefore, there exists a conflict in a choice of law.
The Information Technology Act, 2000 Section 75(2), states that this act shall apply in offense or contravention committed outside India by any person if the act or conduct constituting the offense involves a computer, computer system, computer network located in India. Yet it does not provide a comprehensive solution, leaving the need for new laws and policies to deal with the matter involving confusion as to the issue of jurisdiction.
The second concern is data privacy and security as it involves the control by the host company and not only the owner. Hence, there can be data breach as personal information such as credit card, social security number, address; personal messages are stored over these cloud computing storage. Since India has no specific regulation pertaining to the protection of data privacy of an individual, section 43A IT Act, 2000 is considered to be a right step taken to protect the privacy rights of the individuals in the digital economy.
Privacy protection involves the concerns of how these personal data are collected, stored and promulgated. This issue is not dealt by the IT Act, 2000 explicitly, but there are fewer provisions bearing on the right to privacy like unauthorized access, confidentiality, hacking and breach of privacy, which shows the inadequacy to deal with these problems on a large scale. The legislation has also been not sufficed to deal with the problem of cybercrimes, child pornography, cyber terrorism etc.
The other problem faced by the using the cloud computing technology is the interruption in service and the ambiguity as to the owing of responsibility for the interruption. Therefore, there is a requirement of proper agreement between the parties to regulate on such ambiguity which would help the parties to incorporate clauses as to their protection and would account the implication of breach.
As being one of the fastest growing economies in the world, India is at the foremost of developing technologies and cloud computing is no exception. Infosys, Reliance Datacenter, Synage, Netmagic Solution, Wipro, Orange space and Tata consultancy are India’s topmost cloud computing service providers that had given a hike to this development. This development had raised the issue of protection of rights of the users; there is lack of proper mechanism and framework dealing with the right of ownership, use, and control of data. Therefore, in order to ensure such security there is need of investing certain rights with the users as highlighted by Mr. Rakesh Kumar, VP, Garter Research, which includes right to retain the ownership of data, right to a service level agreement, addressing the liabilities, remediation of a contract, Right to notification and choice about any change made, affecting the right of the user, right to understand the technical requirements of a service, clear vision on jurisdiction, right to know the security process and a responsibility to understand and adhere to software requirement.
Envisaging these rights would give a better status quo in implementing a cloud computing technique.
Author: Anushtha Srivastava
You can reach author at: email@example.com
Anushtha is currently pursuing law from UPES, Dehradun. She is also a researcher with TA.