Loading...

Regulation of Cloud Services under US and EU Antitrust, Competition and Privacy Laws

by Sára Gabriella Hoffman (Author)
©2017 Thesis 249 Pages

Summary

This book examines how cloud-based services challenge the current application of antitrust and privacy laws in the EU and the US. The author looks at the elements of data centers, the way information is organized, and how antitrust, competition and privacy laws in the US and the EU regulate cloud-based services and their market practices. She discusses how platform interoperability can be a driver of incremental innovation and the consequences of not promoting radical innovation. She evaluates applications of predictive analysis based on big data as well as deriving privacy-invasive conduct. She looks at the way antitrust and privacy laws approach consumer protection and how lawmakers can reach more balanced outcomes by understanding the technical background of cloud-based services.

Table Of Contents

  • Cover
  • Title
  • Copyright
  • About the authors
  • About the book
  • This eBook can be cited
  • Acknowledgement
  • Table of Contents
  • Table of Illustrations
  • List of Abbreviations
  • 1 Introduction
  • 1.1 Contribution of this thesis
  • 1.2 Background factors
  • 1.2.1 The use of data as a competitive advantage
  • 1.2.2 The consumers’ perception of security
  • 1.2.3 The business culture disconnect in antitrust and competition law
  • 1.2.4 Incremental and radical innovation
  • 1.3 State of research and literature
  • 1.3.1 Law
  • 1.3.2 Business and policy
  • 1.3.3 Computer and information science
  • 1.4 Structure of the thesis
  • Part I: Technical and legal framework of cloud computing
  • 2 What is (big) data?
  • 2.1 Definition and types of data
  • 2.2 Definition of big data
  • 2.3 Interoperability in database management systems and data integration
  • 2.4 Definition of algorithm
  • 2.5 Causality and correlation
  • 2.6 The value of data
  • 3 What is the cloud?
  • 3.1 Definitions and variations of cloud computing
  • 3.2 The benefit of could computing
  • 3.3 The innovations of cloud computing
  • 3.4 Key legal issues of the cloud
  • 3.5 Market impact
  • 3.6 Risk management
  • 3.7 Cost structure and cloud architecture
  • 3.7.1 Cloud architecture
  • 3.7.2 Data center equipment and setup
  • 3.7.3 Location
  • 3.7.4 Electricity costs
  • 3.8 Forum shopping
  • 3.9 Conclusion
  • 4 Cloud security risks
  • 4.1 Identified security concerns (B2B)
  • 4.2 Customers’ concerns of privacy risks with big data (B2C)
  • 4.2.1 Eurobarometer on attitudes on data protection and electronic identity in the EU
  • 4.2.2 Discussion on big data and cyber foreign policy
  • 4.3 Customer risk management strategies
  • 4.4 Summary
  • 5 Overview of laws and policy makers in the EU and the U.S.
  • 5.1 Policy makers in the U.S.
  • 5.1.1 Data privacy laws
  • 5.1.2 Antitrust laws
  • 5.2 Policy makers in the EU
  • 5.2.1 Competition laws
  • 5.2.2 Data privacy laws
  • Part II: Cloud computing and competition law
  • 6 Cloud computing and EU competition law
  • 6.1 Introduction
  • 6.2 The relevant market for cloud computing
  • 6.2.1 Cloud computing as a utility service
  • 6.2.2 Pricing models of cloud utility and consequences for defining the relevant market
  • 6.2.3 The relevant market
  • 6.2.3.1 The relevant product market
  • 6.2.3.2 The relevant geographic market
  • 6.2.3.3 The relevant temporal market
  • 6.2.4 Conclusion on defining the relevant market
  • 6.3 Abuse of a dominant position, Art. 102 TFEU
  • 6.3.1 Conduct: Tying and bundling
  • 6.3.2 Conduct: Exclusive dealing
  • 6.3.3 Conclusion on Art. 102 TFEU
  • 6.4 Strategic alliance of cloud service providers
  • 6.4.1 Definition of the strategic alliance
  • 6.4.2 Strategic alliance and Art. 102 TFEU exposure
  • 6.4.2.1 Collective dominance in European competition law
  • 6.4.2.2 The concept of collective dominance in U.S. antitrust law
  • 6.4.3 The necessity of strategic alliances
  • 6.4.4 Strategic alliance cost and benefits for cloud operators
  • 6.4.4.1 Barriers to entry in a foreign market
  • 6.4.4.2 Flexibility
  • 6.4.4.3 Skills acquisition
  • 6.4.4.4 Speed of adaptation
  • 6.4.4.5 Interpersonal relationships
  • 6.4.5 Legal evaluation of admissible strategic alliance conduct
  • 6.4.6 Conclusion on strategic alliances
  • 6.5 Conclusion
  • 7 Data privacy standardization cartel
  • 7.1 International data privacy standards
  • 7.2 Costs of privacy and data protection terms of contract
  • 7.2.1 Data privacy standardization under European law
  • 7.2.2 Individual exemption pursuant to Art. 101 para. 3 TFEU
  • 7.2.2.1 Overview of the criteria of Art. 101 para. 3 TFEU
  • 7.2.2.2 Criterion #1: Efficiency gains
  • 7.2.2.3 Criterion #2: Increase of consumer benefit
  • 7.2.2.4 Criterion #3: Indispensability of the restriction
  • 7.2.2.5 Criterion #4: No elimination of competition
  • 7.2.3 Data privacy standardization under U.S. law
  • 7.3 Summary
  • 8 Interoperability and innovation
  • 8.1 Definition of interoperability
  • 8.1.1 EU definition
  • 8.1.2 U.S. definition
  • 8.2 Interoperability and the IBM cases
  • 8.3 Interoperability and the Microsoft cases
  • 8.3.1 Application programming interfaces as essential facilities
  • 8.3.2 Adequate remuneration for interoperability information
  • 8.3.3 New product test and objective justification
  • 8.3.4 Summarizing Comments on Microsoft I and Microsoft II
  • 8.4 Interoperability as a sound policy goal
  • 8.5 Summary
  • Part III: Cloud computing and data privacy law
  • 9 Cloud computing and the new EU data privacy regulation
  • 9.1 The legislative process of the GDPR
  • 9.2 Overview of key amendments
  • 9.3 Right to be forgotten
  • 9.3.1 The legislative process of Art. 17 GDPR
  • 9.3.2 The burden of proof: When will the internet forget you?
  • 9.3.3 The defendant: Content provider or search engine?
  • 9.3.4 Technical compliance: How does the internet forget?
  • 9.4 Consent
  • 9.5 Data portability
  • 9.6 Privacy by design
  • 9.7 Notification obligations
  • 9.8 Compliance of international data flows
  • 9.8.1 The invalidation of the Safe Harbor
  • 9.8.1.1 The U.S. data privacy regime and the Safe Harbor principles
  • 9.8.1.2 EU data protection law and Safe Harbor rules
  • 9.8.1.3 Safe Harbor in the balance: Revoke or reform?
  • 9.8.1.4 The Safe Harbor invalidation on 6 October 2015
  • 9.8.1.5 The EU-U.S. Privacy Shield
  • 9.8.1.6 Impact for startups and cloud computing business
  • 9.8.2 Standard Contractual Clauses
  • 9.8.3 Corporate restructuring for Binding Corporate Rules
  • 9.8.4 Conclusion
  • 9.9 Fines for infringements of GDPR requirements
  • 9.10 Conclusion
  • 10 Contracts and certifications forcloud service providers
  • 10.1 Content of agreements and standardization
  • 10.2 ISO/IEC 27001, PS 980, ISO 19600 and ISO/IEC 27018
  • 10.3 Control over contractual partners
  • 10.4 Conclusion
  • 11 Society and public service use ofcloud services
  • 11.1 The mechanism of trust
  • 11.2 The price of missing trust and a bad reputation
  • 11.3 Cloud services and trust by example of Google location data
  • 11.4 Consent requirements and the digital footprint
  • 11.5 The utility of big data for society
  • 11.5.1 Example #1: Spreading of a pandemic
  • 11.5.2 Legal implication of example #1
  • 11.5.3 Example #2: Traffic optimization with Google and Waze
  • 11.5.4 Legal implications of example #2
  • 11.6 Conclusion
  • 11.6.1 Consent
  • 11.6.2 Data utilization
  • Part IV: Cloud computing and the road ahead
  • 12 Cyber foreign policy
  • 12.1 Introduction to the NIS Directive
  • 12.2 Pre-existing legal provisions for IT security
  • 12.3 Transatlantic cooperation for cybersecurity
  • 12.4 Key provisions of the NIS Directive
  • 12.5 Enforcement and sanctions
  • 12.6 Conclusion
  • 13 Conclusions and Outlook
  • 13.1 Benefits and risks of the cloud
  • 13.2 In-house IT transformation
  • 13.3 Cloud market exposure to EU and Member State data protection law
  • 13.4 General Data Protection Regulation
  • 13.5 Cloud market exposure to EU competition law
  • 13.6 What can U.S. cloud service operators do to stay compliant with EU laws?
  • 14 Annex: Interview questions formarket assessment
  • 14.1 Questionnaire in English
  • 14.2 Questionnaire in German
  • 15 Bibliography
  • EU Documents
  • List of Cases

Sára Gabriella Hoffman

Regulation of Cloud Services under US and EU Antitrust, Competition and Privacy Laws

img

About the authors

Sára Gabriella Hoffman is a privacy and antitrust attorney. She is an expert on encryption standards and cloud architecture. As Microsoft fellow at Stanford Law School, she studied technical and legal aspects of setting up data centers and protecting information from a data security perspective. She teaches at the Freie Universität Berlin and speaks frequently on cybersecurity, encryption, and the impact of data-driven business on antitrust law.

About the book

This book examines how cloud-based services challenge the current application of antitrust and privacy laws in the EU and the US. The author looks at the elements of data centers, the way information is organized, and how antitrust, competition and privacy laws in the US and the EU regulate cloud-based services and their market practices. She discusses how platform interoperability can be a driver of incremental innovation and the consequences of not promoting radical innovation. She evaluates applications of predictive analysis based on big data as well as deriving privacy-invasive conduct. She looks at the way antitrust and privacy laws approach consumer protection and how lawmakers can reach more balanced outcomes by understanding the technical background of cloud-based services.

This eBook can be cited

This edition of the eBook can be cited. To enable this we have marked the start and end of a page. In cases where a word straddles a page break, the marker is placed inside the word at exactly the same position as in the physical book. This means that occasionally a word might be bifurcated by this marker.

Acknowledgement

This work would not have been possible without Prof. Dr. iur. Dr. rer. pol. Dr. h.c. Christian Kirchner, LL.M. (Harvard). Professor Kirchner had the ability to kindle his students’ curiosity with ease and passion for his subject. This curiosity ended up shaping his students’ careers for life. His presence in the academic community is greatly missed.

I would like to thank Prof. Dr. Theo Bodewig and Prof. Dr. Heike Schweitzer, LL.M. (Yale) for being the academic advisors and for their very valuable guidance during the last year of my Ph.D. program. With many thanks also to Professor Dr. Harald Koch for chairing my defense committee.

The scholarships and grants of the German Academic Exchange Service (DAAD), Berlin’s Elsa-Neumann Scholarship (formerly NaFöG), and the generous contribution from Stanford Law School’s Microsoft Grant allowed me to expand this research and spend almost two years in the United States.

I would like to thank Professor George A. Hay at Cornell Law School for his advice and a wonderful time at Cornell. Also, with many thanks to Stanford Law School’s Professor A. Mitchell Polinsky for introducing me to a community unlike any other that is a continuous source of inspiration in my professional and personal life.

Friends on both sides of the Atlantic are the special ingredient to this amazing time. Thank you for everything.

This work is dedicated to my family, and in particular to two young scientists who were brave enough to try something new in 1990 – and gave their two daughters a life full of opportunities. ←7 | 8→ ←8 | 9→

Details

Pages
249
Publication Year
2017
ISBN (ePUB)
9783631703489
ISBN (MOBI)
9783631703496
ISBN (PDF)
9783653072679
ISBN (Hardcover)
9783631677391
DOI
10.3726/b10643
Language
English
Publication date
2016 (December)
Keywords
Cloud Computing Cloud Architecture Data Protection Law Cyber Security Interoperability and Innovation Investment in Cloud Computing
Published
Frankfurt am Main, Bern, Bruxelles, New York, Oxford, Warszawa, Wien, 2017. 249 pp., 26 b/w ill.

Biographical notes

Sára Gabriella Hoffman (Author)

Sára Gabriella Hoffman is a privacy and antitrust attorney. She is an expert on encryption standards and cloud architecture. As Microsoft fellow at Stanford Law School, she studied technical and legal aspects of setting up data centers and protecting information from a data security perspective. She teaches at the Freie Universität Berlin and speaks frequently on cybersecurity, encryption, and the impact of data-driven business on antitrust law.

Previous

Title: Regulation of Cloud Services under US and EU Antitrust, Competition and Privacy Laws