D220.127.116.11 – Cloud Legal Guidelines: Technical Implementation of Legal Requirements, Exploitation of the Toolkit in Use Cases and Component Licenses
This report has two aims: on the one hand, it is to ensure that no legal barriers are going to hinder the way of accomplishment of the OPTIMIS project goals. On the other hand, it gives research driven guid-ance about legal issues of cloud computing in OPTIMIS (and in similar projects). Specifically, this report shows how some of the legal requirements identified in the project have been technically implemented. It also gives guidance about legal issues arising from the exploitation of the toolkit in various use cases in-volving cloud bursting, the uses of the programming model to construct a genomic application and cloud brokerage. A very topical issue that usually arises in cloud environment is concerning data transfer to third countries. As this will no less be the case when the toolkit is in use, either by the service provider or infrastructure provider, we have reviewed the avenues for making such international personal data trans-fer legally compliant with the Data Protection Directive. For internal purposes, licensing issues within the components were equally x-rayed. In the end, a series of recommendations to political and legal stake-holders, among them, the European Commission about regulating data protection and data security in cloud transformations are given.
While our main focus, following the Description of Work (DoW),1 has been on data protection and data security requirements in OPTIMIS and ownership of information and domestic green legislation, we follow a high level approach by assessing the observed legal problems at European level in order to ensure com-pliance across the various jurisdictions of the Member States. We offer further analysis on the national situation where this is necessary for a judgement of the legality of a service.
Keywords: Cloud Computing, Data Management, Data Transfer, Use Cases, Licenses, Technical Implemen-tation