
On the regulation of cloud computing contracts / Clarice Marinho Martins de Castro


Academic year: 2021


Graduate Program in Computer Science

“ON THE REGULATION OF CLOUD COMPUTING CONTRACTS”

By

CLARICE MARINHO MARTINS DE CASTRO

Doctoral Thesis

Universidade Federal de Pernambuco posgraduacao@cin.ufpe.br www.cin.ufpe.br/~posgraduacao


UNIVERSIDADE FEDERAL DE PERNAMBUCO

CENTRO DE INFORMÁTICA

GRADUATE PROGRAM IN COMPUTER SCIENCE

CLARICE MARINHO MARTINS DE CASTRO

“On the regulation of cloud computing contracts”

THIS WORK WAS PRESENTED TO THE GRADUATE PROGRAM IN COMPUTER SCIENCE OF THE CENTRO DE INFORMÁTICA OF THE UNIVERSIDADE FEDERAL DE PERNAMBUCO AS A PARTIAL REQUIREMENT FOR OBTAINING THE DEGREE OF DOCTOR IN COMPUTER SCIENCE.

SUPERVISOR: Ruy José Guerra Barretto de Queiroz


Cataloguing at source

Librarian Joana D’Arc L. Salvador, CRB 4-572

Castro, Clarice Marinho Martins de.

On the regulation of cloud computing contracts / Clarice Marinho Martins de Castro. – Recife: The Author, 2014.

303 p.: fig., tab.

Supervisor: Ruy José Guerra Barreto de Queiroz. Thesis (Doctorate) - Universidade Federal de Pernambuco. CIN. Computer Science, 2014. Includes references.

1. Cloud computing. 2. Electronic law. 3. Cloud computing contracts. 4. Consumer protection code. I. Queiroz, Ruy José Guerra Barreto de (supervisor). II. Title.


Doctoral thesis presented by Clarice Marinho Martins de Castro to the Graduate Program in Computer Science of the Centro de Informática of the Universidade Federal de Pernambuco, under the title “On the Regulation of Cloud Computing Contracts”, supervised by Prof. Ruy José Guerra Barretto de Queiroz and approved by the Examining Board formed by the following professors:

Prof. Carlos André Guimarães Ferraz, Centro de Informática / UFPE

Prof. Frederico Luiz Gonçalves Fernandes, Centro de Informática / UFPE

Profa. Fernanda Maria Ribeiro de Alencar, Departamento de Eletrônica e Sistemas / UFPE

Prof. Gustavo Ferreira Santos, Centro de Ciências Jurídicas / UFPE

Prof. Alexandre Freire Pimentel, Departamento de Ciências Jurídicas / UNICAP

Seen and approved for printing. Recife, 15 April 2014.

Profa. Edna Natividade da Silva Barros

Coordinator of the Graduate Program in Computer Science of the Centro de Informática of the Universidade Federal de Pernambuco.


Acknowledgements

I wish to thank God for the love and perseverance that He has bestowed upon me throughout my life.

I must thank the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES) for the scholarship awarded (Bex 5946/11-5) in order to conduct part of my doctoral research as a visiting graduate student at Queen Mary University of London (November 2011/January 2013).

I owe a sincere debt of gratitude to my supervisor Professor Ruy José Guerra Barretto de Queiroz for his scientific advice and knowledge, guidance, efficiency and encouragement throughout my PhD.

I am also thankful to Professor Chris Reed for sharing with me his extensive knowledge of Computer Law and insightful comments and suggestions for my research.

I would like to thank all the professors that evaluated my thesis and made important contributions to it: Alexandre Freire Pimentel, Carlos André Guimarães Ferraz, Fernanda Alencar, Frederico Freitas, Gustavo Ferreira Santos and João Araújo. My sincere gratitude goes to Paulo Padovan for his generous support throughout my PhD research, for his stimulating discussions and suggestions that enriched this thesis.

I need to express my gratitude to Jaelson, for motivating me to embark on this PhD at the Centre of Informatics at the Federal University of Pernambuco, and also my daughter Isabela for providing invaluable support in relation to the English academic writing.

I would particularly like to thank Maria Letícia V. Coelho de Araújo, Beatriz Regina de Santana and Kate Hillier for the continuous and precious support that helped me complete this PhD.

Finally, I would like to thank my uncle Paulo Emílio, my aunties Ana Francisca (Mana) and Socorro, Marly (Ia), and Sílvia, Luciana, Leonardo, Daniela, Eduardo, Carlos Eduardo, Paula, Maria Eduarda, Luís Eduardo, Mauro and Francisco, for all of their love and support.

This thesis is dedicated to Clara, Isabela, Armando, Jaelson, my mother and the memory of my father.


"All media of communication begin as links or bridges between people and things and end as substitutes for the things with which they had originally established new contact"


Summary

Cloud computing is developing rapidly and offers numerous advantages to the Information Technology (IT) industry. It has made it possible to realise the old dream of computing becoming a ‘utility’. However, this reality presents risks and challenges in different areas, above all in the legal sphere, and in consumer contracts in particular. Thus, considering the complexity of cloud computing, it becomes essential to seek a lower degree of uncertainty in the provider-consumer relationship. This research aims to analyse and characterise cloud computing transactions, both in service contracts and in contracts for the supply of digital content. To that end, this thesis examines international and national legislation, as well as contracts, that may be used to regulate cloud activities in Brazil. First, a critical assessment is made of the possibility of applying the legislation on a Common European Sales Law (CESL) to contracts for the supply of digital content concluded between Brazil and the Member States of the European Union. Next, some general rules of the Brazilian Consumer Protection Code are examined in order to discuss the applicability of that Code to cloud computing contracts. Finally, three cloud computing contracts offered by Google in Brazil are studied in order to point out the serious risks they present to consumers who enter into such agreements, as well as the adequacy of those instruments in light of national legislation.

Keywords: Cloud computing, Digital content, Contract, Common European Sales Law, Consumer Protection Code.


Abstract

The paradigm of cloud computing has been developing quickly and offers many new advantages to the information technology industry. It is turning the long-held dream of computing as a utility into a reality. However, it also poses risks and challenges in different fields, especially in the legal area, that may affect the stakeholders of this market. Given the complexity of cloud computing, it is essential to assure that there is little uncertainty in the provider-consumer relationship. This research aims to analyse and characterise cloud computing transactions from a legal perspective, both as a service contract, and as a contract for the provision of digital content. Thus, in this thesis we examine international and national legislation, as well as contracts, which may govern the relationship between cloud stakeholders.

Given the international and cross-border nature of the proposed Common European Sales Law (CESL), which may eventually be applied between Brazilian and European contracts, and because the legal rules on which it is based share some similarities with the civil law system in Brazil, we begin by offering a critical view of the possibility of applying this proposal for a Common European Sales Law to some cloud computing transactions when they supply digital content. Next, we turn to examine whether the Brazilian Consumer Protection Code (CDC), with its existing general rules relating to ‘goods’ and ‘services’, and some other definitions, could be broad enough to cover the necessities of cloud consumers in Brazil. Lastly, we examine the issue of regulating cloud computing through contract. In particular, we identify a set of key legal issues to be considered by consumers when entering into a cloud contract. In order to illustrate their importance, we perform a detailed evaluation of some Google cloud-based agreements to check if they are compatible with existing laws in Brazil.

Keywords: Cloud Computing, Digital Content, Contract, Common European Sales Law, Brazilian Consumer Protection Code.


List of Tables

Table 1 - Nature and type of cloud service offered by Google and target market

Table 2 - ‘Using our Services’ (Customer’s Obligations; Intellectual Property Rights; Google’s rights to scrutinize the content and to send communications to the users)

Table 3 - ‘Privacy and Copyright Protection’

Table 4 - ‘Your Content in our Services’ (Rights over content and IPR)

Table 5 - ‘About Software in our Services’

Table 6 - ‘Modifying and Terminating our Services’

Table 7 - ‘Our Warranties and Disclaimers’

Table 8 - ‘Liability of our Services’

Table 9 - ‘Business users of our services’

Table 10 - ‘About these Terms’ (Modification of the terms; choice of law and jurisdictions)

Table 11 - Preamble Business Agreement: English version

Table 12 - Clause 1.1 (first part) Both Agreements: Facilities (Data security, confidentiality and integrity)

Table 13 - Clause 1.1 (second part) Both Agreements: Data transfer (Data transfer, store, process and location)

Table 14 - Clause 1.2 Both Agreements: Modifications

Table 15 - Clause 1.4 Business Agreement and Clause 1.4(a) Education Agreement: Ads

Table 16 - Clause 2.1 Business Agreement and Clause 2.2 Education Agreement: Customer Obligations: compliance

Table 17 - Clause 2.3 Both agreements: Customer Obligations: Customer Administration of the Services

Table 18 - Clause 6 Business Agreement Clause 7 Education Agreement: Confidential Information

Table 19 - Clause 7 Business Agreement Clause 8 Education Agreement: Intellectual Property Rights (IPR) and Brand Features

Table 20 - Clause 8 Business Agreement Clause 9 Education Agreement: Publicity related to customer’s name or brand feature

Table 21 - Clause 9 Business Agreement Clause 10 Education Agreement: Representations, Warranties and Disclaimers

Table 22 - Clause 11 Business Agreement Clause 12 Education Agreement: Termination

Table 23 - Clause 12 Business Agreement Clause 13 Education Agreement: Indemnification

Table 24 - Clause 13 Business Agreement Clause 14 Education Agreement: Limitation of Liability

Table 25 - Clause 14 Business Agreement and Clause 15 Education Agreement: Miscellaneous - Governing Law

Table 26 - Reviewing some relevant clauses of the general Google Privacy Policy in light of the CDC in Brazil.

Table 27 - Reviewing the main clauses of the Google Apps Service Level Agreement (SLA) in light of the Consumer Protection Code (CDC) in Brazil.

Table 28 - Reviewing the main clauses of the Google Apps Acceptable Use Policy (AUP) in light of the CDC

Table 29 - Service Credit


List of Acronyms and Abbreviations

Abbreviations

e.g. - exempli gratia - for example

et al. - et alii - and others

i.e. - id est - that is

ibid - ibidem - in the same place (referring to a publication mentioned immediately earlier)

Acronym

AUP - Acceptable Use Policy

BIS - UK Department for Business, Innovation & Skills

B2B - Business to Business

B2SME - Business to Small and Medium Enterprises

B2C - Business to Consumer

CESL - Common European Sales Law

CRD - Consumer Rights Directive

CDC - Consumer Protection Code

CLP - Cloud Legal Project

CPC - Civil Procedure Code

DMCA - Digital Millennium Copyright Act

EU MS - European Union Member States

ICI - Information and Communication Industry

IDC - International Data Corporation

IPR - Intellectual Property Rights

ISS - Tax over Services of Any Nature

IaaS - Infrastructure as a Service

IT - Information Technology

NIST - United States National Institute of Standards and Technology

PaaS - Platform as a Service

SaaS - Software as a Service

RegCESL - Regulation of the Common European Sales Law

SLA - Service Level Agreement

SME - Small and Medium Enterprises

T&C - Terms and Conditions

ToS - Terms of Service

UCC - User created content

UGC - User generated content

WTO - World Trade Organization


Table of Legislation

Brazil. Bill n° 2126 of 24 August 2011

_____ Bill n° 171/2012 of 8 May 2012

_____ Bill n° 4099 of 12 December 2012

_____ Bill n° 5344 of 9 April 2013

_____ Complementary Rule n° 14 (14/IN01/DSIC/GSIP) of 30 January 2012

_____ Decree Law n° 2.848 of 7 December 1940 (Penal Code)

_____ Decree n° 7.724 of 16 May 2012

_____ Decree n° 7.962 of 15 March 2013

_____ Law n° 8.078 of 11 September 1990

_____ Law n° 9.279 of 14 May 1996

_____ Law n° 9.609 of 19 February 1998

_____ Law n° 9.610 of 19 February 1998

_____ Law n° 10.406 of 10 January 2002 (Civil Code)

_____ Law n° 12.527 of 18 November 2011

_____ Law n° 12.682 of 9 July 2012

_____ Law n° 12.737 of 30 November 2012

_____ Normative Instruction n° 01 of 13 June 2008

European Commission. Proposal for a Regulation on a Common European Sales Law of 11 October 2011 (CESL)

Council of European Communities. Directive 93/13/EEC of 5 April 1993 (Unfair Terms in Consumer Contracts)

_____ Directive 1999/44/EC of 25 May 1999 (Consumer Sales)

_____ Directive 2000/31/EC of 17 July 2000 (E-commerce)

_____ Directive 2011/83/EU of 25 October 2011 (Consumer Rights)

_____ Regulation (EC) No. 593/2008 of 17 June 2008 (Rome I)


Table of Contents

Chapter 1 - Introduction

1.1. Motivation

1.2. Problem formulation

1.3. Research objectives

1.4. Contributions

1.5. Publications

1.6. Methodology

1.7. Structure of the thesis

Chapter 2 - Key aspects of cloud computing

2.1. Introduction

2.2. Importance of the cloud computing industry

2.3. Short history

2.4. Key stakeholders in the cloud transactions

2.5. Differences and similarities of cloud computing with other types of information technology services

2.6. Definition and characteristics of cloud computing

2.7. Main types of cloud computing (service model)

2.8. Deployment models

2.9. Conclusion

Chapter 3 - Legal background

3.1. Introduction

3.2. Current laws and bills directly or indirectly related to cloud computing activities and digital content in Brazil

3.3. Is consumer protection an anachronism in the digital world?

3.5. Towards a definition and classification of digital content

3.5.1. Defining digital content and understanding its types

3.5.2. Classification of digital content as goods, services or a sui generis category

3.5.2.1. Contracts for digital content classified by the permanent use of digital content, a limited period of time or as part of a service provided to the consumer

3.5.2.2. Digital content: tangible or intangible

3.6. Cloud computing contracts

3.7. Conclusion

Chapter 4 - Regulation of some models of cloud computing transactions through an international legal instrument

4.1. Introduction

4.2. Why might cloud service providers adopt the CESL?

4.3. Which cloud computing transactions are capable of governance by the CESL?

4.4. Conclusion

Chapter 5 - Regulation of cloud computing transactions through a national law

5.1. Introduction

5.2. Definition of ‘consumer’ and ‘provider’ under the Brazilian Consumer Protection Code and some peculiarities in relation to it

5.2.1. Characterisation as consumer

5.2.1.1. The standard consumer

5.2.1.2. The prosumer

5.2.2. Characterisation as provider

5.3. Cloud computing: legal categorisation according to the CDC: goods, services or sui generis category

5.3.2. On the characterisation of cloud computing as a service

5.3.2.1. General aspects

5.3.2.2. The definition of ‘service’ in the CDC

5.3.3. Cloud computing as a sui generis category – cloud transactions that involve supply of digital content.

5.4. Classification of the digital content in Brazil and the applicability of the CDC on the contract for the supply of digital content when it involves cloud computing

5.4.1. Classification of digital content in the Brazilian Consumer Protection Code (CDC)

5.4.2. Cloud based contracts that purely involve the supply of digital content in the Consumer Protection Code in Brazil: Digital Content as a Service

5.5. Conclusion

Chapter 6 - Regulation of cloud computing through contract

6.1. Introduction

6.2. Relevant issues to be addressed by consumers when entering into a standard cloud contract

6.3. Evaluation of some of Google’s cloud-based Terms and Conditions in Brazil

6.3.1. Terms of Services

6.3.1.1. Google Drive with a personal Google account

6.3.1.2. Google’s Business Agreement and Google’s Education Agreement

6.3.2. Privacy Policy

6.3.3. Service Level Agreement (SLA)

6.3.4. Acceptable Use Policy (AUP)

6.4. Conclusion

7.1. Concluding remarks and contributions of the research

7.2. Future research

Bibliography

Appendix 1 - Proposal for a Regulation of the European Parliament and of the Council on a Common European Sales Law

Appendix 2 - Google Terms of Service

Appendix 3 - Google Apps for Business (Online) Agreement

Appendix 4 - Google Apps for Education Agreement

Appendix 5 - Privacy Policy

Appendix 6 - Google Apps Service Level Agreement


Chapter 1

Introduction

1.1. Motivation

Digital technological development over recent decades has provoked a paradigm shift, and cloud computing technology has recently gained greater significance as a competitive element of the global Information and Communication Industry (ICI). The paradigm of cloud computing has been swiftly developing and regularly offering new advantages to the information technology market. Cloud computing is said to be easy to consume, manage and contract, to allow applications to be scaled on demand, and to improve cost efficiencies through any provider’s web, at relatively low cost or even paid for in a non-monetary form.

This impact is unquestionably present in many fields. Big and small companies and government institutions across the globe have started to move their data and many transactions into the cloud. Additionally, email services such as Gmail and Hotmail, photo sharing services such as Flickr, and social networking sites like Facebook are all ‘cloud-based’ in nature.1

This large market is represented not only by the provision of cloud-based transactions that, from the legal perspective, are considered just services, but also by the mass-market supply of digital content via some aspects of cloud computing, or more specifically, through the use of Digital Content as a Service. For example, Google launched Google Music, which is a music service for the Android platform. Consumers can purchase individual songs or albums, which can be streamed to multiple devices from the cloud. Sony Corporation Music is another cloud-based music streaming service, which enables its subscribers to store music for use in different Internet devices such as smartphones, games consoles or television sets.2

1 European Commission, ‘Unleashing the Potential of Cloud Computing in Europe’, (Communication) COM (2012), 529 final.

2 See Organisation for Economic Co-operation and Development (OECD), Directorate for Science, Technology and Industry Committee on Consumer Policy, ‘Report on Protecting and Empowering Consumers in the Purchase of Digital Content Products’ DSTI/CP (2011) 25/FINAL 19 March 2013.


However, with the evolution of cloud computing services in the years to come, these global transactions will raise more serious structural, commercial and legal concerns. Some of those concerns are related to issues such as data protection, data security, confidentiality of information and privacy, and intellectual property. Undoubtedly, some legal difficulties that affect cloud computing have been controversial in the context of e-commerce for many decades. Although these matters are not only ‘cloud challenges’, they have been intensified within the complex cloud context. In addition, as digital content moves to the cloud, and thus ceases to be supplied on physical media, the uncertainty grows. In any case, a long-standing ambiguity exists in the law regarding what terms should be present in cloud transactions, either when they supply digital content or when they provide only a service, and if they can be classified as a sale or a service contract or as sui generis.

In this new dynamic scenario, we claim that consumer law has to wholly protect digital consumers and providers, giving certainty to their relationship. It is imperative for the development of this digital economy that both online providers and customers, particularly consumers, have certainty and security of rights acquired through business made via cloud computing platforms.

In order to reconcile these challenges or minimise some of the concerns relating to consumer law, governments, international agencies and academic experts, within and outside Europe, Australia, Canada and the United States, have been studying the effects of this digital technological market and its legal consequences.


Their reports and studies3, draft legislative proposals4 and new legislation5 aim to give consumers of electronic transactions the ability to maintain their basic rights as the vulnerable party in the online consumption relationship. They also give providers the ability to understand their rights and obligations, avoiding ambiguous or complex laws that may lead to expensive and disruptive litigation.

1.2. Problem formulation

Cloud computing is increasingly being used in business-to-consumer (B2C) and business-to-business (B2B) cross-border transactions, i.e. those that involve providers and consumers from different jurisdictions and diverse consumer protection legislation. Hence, it is of paramount importance to examine how these transactions can be regulated. This calls for an investigation to identify possible legal instruments that can involve parties located in different countries at the time of the contracting.

3 For initiatives at the European level related to cloud computing and consumers, see Policy Department Economic and Scientific Policy, A Fielder et al, “Cloud Computing. Study for the European Parliament’s Committee on Internal Market and Consumer Protection” (2012) IP/A/IMCO/ST/2011-1 and the European Commission, “Unleashing the Potential of Cloud Computing in Europe”, COM (2012) (Communication), 529 final. On international and national agency reports, see Organisation for Economic Co-operation and Development (OECD) Report on “Protecting and Empowering Consumers in the Purchase of Digital Content Products” (2011) DSTI/CP 25/FINAL; “Consumer Protection in Cloud Computing Services: Recommendations for Best Practices from a Consumer Federation of America Retreat on Cloud Computing” (2010) available at www.consumerfed.org/pdfs (accessed 10 April 2012); and Union des consommateurs, “Canadian Perspectives on Cloud Computing and Consumers” (2011) available at http://uniondesconsommateurs.ca/docu/vieprivee/CloudComputingE.pd (accessed 6 Sept 2013). On the studies particularly related to digital content and consumer law, see “Analysis of the applicable legal framework and suggestions for the contours of a model system of consumer protection in relation to digital content contract”, Final Report – “Comparative analysis, Law & Economics analysis, assessment and development of recommendations for possible future rules on digital content contracts”, M. Loos et al (2011) and “Comparative analysis of the applicable legal frameworks and suggestions for the contours of a model system of consumer protection in relation to digital content services”, Report 1: Country Reports, University of Amsterdam. Also, a study entitled “Digital Content Services for Consumers: Assessment of Problems Experienced by Consumers – LOT 1”, (2011) Europe Economics and commissioned by the European Commission. An overview of the consumer rights in ‘digital products’ commissioned by the UK Government for Business, Innovation & Skills was produced by Professor Robert Bradgate “Consumer rights in digital products” (2010). Some other relevant material in this area includes Hans-W Micklitz, “Do Consumers and Business Need a New Architecture of Consumer Law? A Thought-Provoking Impulse”, European University Institute, Florence, Department of Law, EUI Working Paper Law 2012/23; M Loos et al, “The Regulation of Digital Content Contracts in the Optional Instrument of Contract Law” (2011) 6 European Review of Private Law 729-758.

4 See European Commission’s proposal for a Regulation on a Common European Sales Law - Proposal of 11 October 2011, COM(2011) 635 final (CESL).

5 See Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights (Consumer Rights Directive or CRD).


Needless to say, the United States has been the leader in providing cloud computing services, not just domestically, but also abroad. American companies tend to adopt American law in all their online agreements. For this reason, they do not comply with any consumer protection law in any other country. This circumstance is reflected in contracts that ordinarily include clauses written by the cloud providers that are abusive, unfair, illegal or at least unenforceable in many jurisdictions. In reality, as Kotz reports, in the United States each of the fifty states has its own contract law.6 The country also favours deregulation and relies heavily on case law developments. Indeed, Brazilian consumer protection laws are much more similar to European than to American laws. It is worth clarifying that many fundamental principles and rules of consumer protection are similar across Europe, Brazil and other countries that have adopted civil law systems. On the other hand, contracts in the common law jurisdictions, mostly in the United States, are not so vulnerable to being changed or challenged under contractual and consumer legislation. This extreme market dominance of a few North American cloud providers that apply their own contractual rules in their online transactions is not sufficient reason for consumers/customers to be denied a proper level of guarantee in terms of consumer protection in countries like Brazil.

In other words, if cloud providers and users do not enter into valid cloud contracts, the Civil or Consumer Codes will be applied by default. Further, even if valid cloud contracts exist, some national laws, such as the Brazilian Consumer Protection Code (hereinafter CDC), remain applicable to the consumption relation because of their obligatory nature.

Hence, we concentrate on the analysis of the contractual and consumer European Community acquis,7 where consumers are most adequately protected and the laws share the same goal as in Brazil: protecting the parties that are considered vulnerable or weaker.

6 See H Kotz, ‘Contract Law in Europe and in the United States: Legal Unification in the Civil Law and the Common Law’ (2012) 27 The Tulane European and Civil Law Forum 1, 1.

7 Community acquis or acquis communautaire is the ‘full set of the European Union’s legislative, regulatory, judicial, and normative output’, in J Pinder & S Usherwood, The European Union Introduction (Oxford University Press 2007).


We note that in October 2011, the Common European Sales Law (CESL) was proposed. It provides a new regime of contract law applicable to all European Union Member States. According to Article 4 of the Regulation, the cross-border contracts that may adopt the CESL as their legal instrument can involve parties located in different countries at the time of contracting, whereby just one needs to be in a European Member State. Therefore, if the CESL Proposal becomes law, it can be adopted in Brazil by either consumers or service providers. Moreover, the CESL was mainly drafted by German scholars and lawmakers, and the legal rules on which it is based have many similarities to the civil law system adopted in Brazil, particularly in the area of contract and consumer law.

Thus, it is important to investigate under what circumstances the CESL can be applied to cloud computing transactions. This research may also help to shed some light onto the intricacies of digital content and cloud computing contracts when they are providing digital content.

Another important issue that needs to be addressed is how consumers of cloud transactions could be protected against unfair or unconscionable contract terms and unfair or misleading practices on the part of cloud providers in Brazil. We argue that digital consumers deserve the same level of protection for their transactions as offered in other forms of commerce. Thus, it is important to investigate some legislation and contracts which may govern the relationship between cloud stakeholders.

The 1988 Brazilian Constitution considers consumer protection laws as a tool to promote equality between contractual parties, assuming that this power is always unbalanced. It takes the approach that self-regulatory schemes alone cannot provide adequate protection to the consumer. As such, the CDC is the main instrument to protect the consumption relationship. Although little has been discussed and established in regard to digital consumer law per se, in relation to cloud-based transactions, we assume that soon this invasive market offered by multinational corporations needs to receive an adequate level of attention from the regulators in Brazil and from the courts when interpreting the Brazilian CDC. For this reason, we need to examine the possibility of the current CDC legal framework – with its general rules relating to the sale of goods and supply of services – being applied to cloud computing transactions.

Certainly, the most widely adopted regulation model for cloud computing is the contract. Cloud contracts are frequently accessible on the web provider’s online platform via a standard form, to be accepted by the user with a single click. Under these agreements, providers will usually try to fully protect themselves. As a consequence, consumers/customers have to face the risks that are inherent in contract terms that are not negotiated and may be unfavourable to them. Nevertheless, the clauses of these contracts may be legally contested on the basis of unfairness, which produces a high level of uncertainty for cloud providers and consumers/customers.

Hence, it is of fundamental importance to evaluate the main clauses of some cloud-based agreements in Brazil to identify the level of safety and fairness of these contractual terms and conditions under Brazilian legislation. Since the principal focus of this research is consumer law and the relationship consumers have with cloud computing transactions, the evaluation of those clauses should be made primarily according to the Brazilian CDC, and to a lesser extent, under the Civil Code (CC) and other specific legislation in Brazil.

In summary, unclear and legally uncertain contracts between providers and consumers/customers justify the concerns of this research, i.e. the investigation of some international and national legislation and contracts which may govern the relationship between the cloud stakeholders, and which may reconcile disputes between them.

1.3. Research objectives

This research aims to analyse and characterise cloud computing transactions from a legal perspective, both as a service contract, and also when it involves the supply of digital content. The thesis objectives are as follows.

Objective 1 - Concerns the analysis of the applicability of the Common European Sales Law (CESL) as the international instrument to cloud computing transactions, and the adoption of such legal instrument in Brazil. We examine whether the CESL can be applicable to cloud computing transactions. If so, we examine which models of cloud computing transactions, namely, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), could be framed as a contract for the supply of digital content. In addition, we investigate the importance of this international instrument, and whether it can be adopted by Brazilian consumers/customers.

Objective 2 - Involves an examination of the applicability of the Brazilian Consumer Protection Code (CDC) to cloud computing transactions in Brazil. We investigate if the current legal framework that exists in the Brazilian CDC is applicable to cloud-based contracts, both when providing services and supplying digital content. If not applicable, we look at which amendments to current legislation would be necessary to better fit cloud computing transactions.

Objective 3 - Concerns the revision of the legal problems relating to cloud computing contracts in Brazil.

Relevant concerns addressed by consumers when entering into a standard cloud contract are highlighted. To illustrate the importance, we evaluate relevant clauses of some of Google’s cloud-based agreements in Brazil in order to check if they are compatible with existing laws, essentially in light of the CDC, and to a lesser extent, under the Civil Code (CC) and other specific legislation in Brazil.

1.4. Contributions

The contribution of the work reported in this thesis is summarised as follows.

• We review background information on technical aspects, which might prove useful to those legal professionals unfamiliar with cloud computing technology. It includes a discussion on the importance of the cloud industry, its history, as well as the differences and similarities with other types of information technology services. A review of key stakeholders, types of services and deployment models is also provided.

• We offer the legal background necessary for an appropriate understanding of the regulation of cloud computing. It includes a review of recent acts and bills concerning cloud computing activities and digital content in Brazil. We also analyse the issue of consumer rights in the digital world and elucidate the main aspects of the Consumer Protection Code of Brazil. Given that some cloud computing transactions involve the supply of digital content, some of its controversies are examined. Moreover, some contractual aspects of cloud-based services are reviewed.

• We provide a detailed analysis of the applicability of the Common European Sales Law (CESL) to some cloud computing transactions. We clarify the obscure aspect that, given that this international instrument does not cover service contracts, it may only accept cloud transactions that involve the supply of digital content. We also describe a number of uncertainties present in the proposal which may compromise its adoption by the cloud computing industry. Hence, as an additional contribution we suggest some ways to fix these problems.

• We conduct a meticulous examination of the applicability of the Brazilian CDC to cloud computing transactions in Brazil. We also identify the difficulty of interpretations of some definitions and terms which may limit its applicability.

• We perform a legal evaluation of some cloud-based agreements to check if they are compatible with existing laws in Brazil. The assessment is based on a previously defined set of key issues that must be considered by consumers when entering into a cloud contract.

1.5. Publications

• Castro C & de Queiroz R, ‘The Song of the Sirens: Google Books Project and copyright in a digital age’ (2012) 16 (9) Information, Communication & Society, 1441-1455.

• Castro C, Reed C & de Queiroz R, ‘On the Applicability of the Common European Sales Law to Some Models of Cloud Computing Services’ (2013) 4 (3) European Journal of Law and Technology <ejlt.org/article/view/186/409>

• Castro C, Reed C & de Queiroz R, ‘On the applicability of the Consumer Protection Code to cloud computing transactions in Brazil’ (2013) 10 (4) SCRIPTed Journal of Law, Technology & Society, 458-477 <http://script-ed.org/?p=1260>

• Castro C & de Queiroz R, ‘Reviewing some clauses of cloud-based Google’s Agreements in Brazil’ (2013) IEEE Latin America Conference on Cloud Computing (LatinCloud 2013), Maceio, Brazil, December 2013.

1.6. Methodology

Following an extensive review of the literature, from academia, from government papers, the judiciary and policy regulators regarding the problem of characterising cloud computing transactions and digital content from a multidisciplinary perspective, combined with a comparative analysis of the European and the Brazilian scenarios, the method used here is essentially of a qualitative nature. The thesis and arguments herein expounded will not be borne out of statistical data nor leveraged out of field research; rather, they will arise out of conceptualisation and a reflection on the nature of the notion of cloud computing transactions and digital content.

1.7. Structure of the thesis

This thesis consists of seven chapters. The first chapter offers an introduction, where the motivation, problem formulation, objectives, publications, methodology and contributions of the thesis are provided.

Chapter two serves as the background to ensure strong comprehension of the technological issues relating to cloud computing.

Chapter three offers an examination of the legal background necessary for an appropriate understanding of the regulation of cloud computing which will be discussed in the following chapters.

Chapter four challenges the applicability of the Common European Sales Law (CESL) to some cloud transactions. It discloses the difficulties relating to the uncertainties present in the proposal which, if not fixed, will not attract the use of the CESL to the cloud computing industry. It specifically analyses which models of cloud computing could be framed as a contract for the supply of digital content under the CESL proposal. It demonstrates that if this proposal becomes an international legal instrument, it may also be adopted by Brazilian cloud computing consumers/customers.

Chapter five examines the regulation of cloud computing and digital content by law, particularly the applicability of the Brazilian Consumer Protection Code (CDC) to cloud computing transactions involving pure service and/or supplying digital content. It examines the legal dispute over whether cloud computing offering is categorised as a good, service or a sui generis category including a number of issues relating to the definitions within the Code. It also investigates whether digital content needs special legal treatment under the CDC. Finally it concludes that the current consumer protection legislation in Brazil may provide digital consumers with the same level of protection for their transactions as offered in other forms of commerce.

Chapter six scrutinises the most commonly adopted regulatory framework of cloud computing transactions, i.e. the contract. It evaluates the main clauses arising from a selection of Google’s Terms and Conditions (T&Cs) in Brazil. The objective is to check if they are compatible with prevailing laws, essentially from a consumer’s point of view, and to a lesser extent, when involving customers/users under the Civil Code (CC) and other specific Brazilian legislation.

Chapter seven offers some conclusions of the thesis for the regulation of cloud computing contracts in Brazil and briefly mentions what future work can be done.

Chapter 2

Key aspects of cloud computing

2.1. Introduction

Given that this research comprises both technical frameworks and legal aspects of cloud computing, the analysis of the main issues relating to the technical framework is fundamental for a better legal understanding.

In this chapter we first discuss some general aspects relating to cloud computing. Secondly, we point out the importance of the cloud industry, and thirdly, we offer a brief historical framework. Then, we analyse the key stakeholders in cloud transactions. We explain the differences and similarities of cloud computing with other types of information technology services. Finally, some definitions and characteristics are given, and the main types of services and deployment models of cloud are provided.

2.2. Importance of the cloud computing industry

The recent growth of cloud computing is one of the major advances in the history of computing. It is one of the fastest growing segments of the Information Technology Industry (ITI) and is currently being adopted across different sectors of society. The cloud is developing essentially in response to consumer and business demands. According to Gartner’s analysis in 2013, ‘between 2013 and 2016, $677bn (£412bn) will be spent on cloud services worldwide. There will be strong demand for all types of services’.8

As stated by the European Commission (EC) following a study of the potential in cloud computing across Europe in 2012, ‘Where the World Wide Web makes information available everywhere and to anyone, cloud computing makes computing power available everywhere and to anyone. Like the web, cloud computing is a technological development that has been ongoing for some time and will continue to develop.’9 Petri argues that, ‘businesses are not simply transferring existing systems to the cloud. People are not migrating services, but doing things that weren’t possible before, such as in social media, mobile and big data spaces.’10

8 P Solman, ‘Companies take to the cloud for flexible solutions’, Financial Times (London, 28 January 2014) <http:www.ft.com/int/cms> accessed 29 January 2014.

Cloud computing is, in essence, Internet-based computing where software, hardware and all resources are hosted away from a business within a virtual ‘cloud’. According to Cave, ‘The term originates from networking schematics which had a cloud as the representation of the Internet (or another network) beyond the parts of the network in focus.’11 The use of the term ‘cloud’ is indeed a metaphor, which means that a huge number of Information Technology (IT) resources can be delivered, stored, processed or concentrated elsewhere in large data centres, physically far from the companies, the organisations or the users that contract cloud services by the providers. Then, the cloud may be accessed by any web browser or app, either on a desktop computer or mobile device, allowing the portability of a user’s files.

The age of the personal cloud is taking place everywhere. Cloud computing has expanded beyond high computational resources to those who use social networks and webmail or share their photos in web albums. Even the digital games that require a super powered computer or a dedicated console are rapidly being made available on the cloud.

Big companies are using cloud services to implement internal IT to improve their efficiency. Small and Medium Enterprises (SME) now have the opportunity to access processing capabilities thus far reserved for large corporations and also to spread their business to larger markets.

In the public sector the rationale for cloud computing use may be slightly different, but is also an important matter. Governments in places such as New Zealand, Australia, Japan, the United States, the United Kingdom and Canada ‘see cloud services as an opportunity to improve business outcomes through eliminating redundancy, increasing agility and providing information and communication technology (ICT) services at a potentially cheaper cost’.12 President Obama recognises that cloud computing will play a considerable role in lowering IT costs and will also improve public sector IT for the Federal Government, growing operational efficiency and responding faster to constituent needs. For this reason, the USA government has implemented a ‘Federal Cloud Computing Strategy’, that creates an architecture of cloud computing known as ‘Cloud-First Policy’ designed to guide agencies in moving systems to a cloud computing environment. The USA General Services Administration (GSA) has already identified three main benefits of cloud computing, namely, cost-saving and efficiency, agility and innovation. The GSA plans to move federal emails to the cloud, standardise security of the service and reduce the number of servers needed. These advantages are also associated with energy and environmental improvements under a low-cost framework.13 In Europe, similar initiatives are under way on a national level such as: the G-Cloud in the UK, Andromede in France and Trusted Cloud in Germany. As part of the G-Cloud project, the UK Government launched a Government Application Store which permits users to compare accredited cloud software against their personal requirements.14 In order to increase the value for money and the integration of these programmes, the European Commission has created the European Cloud Partnership (ECP) in order to create general coordination and safety of these cloud initiatives while avoiding fragmentation.15

9 European Commission, ‘Unleashing the Potential of Cloud Computing in Europe’, (Communication) COM (2012), 529 final,1.

10 P Solman, ‘Companies take to the cloud for flexible solutions’, Financial Times (London, 28 January 2014) <http:www.ft.com/int/cms> accessed 29 January 2014.

11 J Cave, N Robinson, S Kobzer and R Schindler, ‘Regulating the Cloud: More, Less or Different Regulation and Competing Agendas’ (2012) <http://dx.doi.org/10.2139/ssrn.2031695> accessed 30 January 2014.

There is great potential and already a number of significant opportunities to help developing countries to benefit from cloud computing technology. The customer uses computing resources operated by the provider on a server controlled by the provider and pays on a usage basis. In general, cloud computing is charged as a utility, sometimes on a subscription basis, and sometimes only for what is used, i.e. on a per-use basis. Therefore, small businesses, without huge upfront investment, can exploit high-end applications (e.g. Enterprise Resource Planning software, ERP, or business analytics) that have been unavailable to them. It also permits the combination of different cloud computing services which are integrated into a single service or application; the so-called mashups. Moreover, cloud computing may appeal to businesses that want to reduce their carbon footprint, as the move to the cloud will allow organisations to reduce their IT infrastructure, representing a smarter use of energy.

12 Department of Finance and Deregulation, ‘Opportunities and Applicability for use by the Australian Government’ Cloud Computing Strategic Direction Paper (2011) Version 1.0; Commission, 6 <http://www.finance.gov.au/files/2013/04/final-_cloud_computing_strategy_version_1.1.pdf> accessed 28 April 2012.

13 See ‘GSA Launches Effort to Transition Federal Government to Cloud Computing’ (June 6, 2012) <http://www.gsa.gov/portal/content/136575> accessed 2 July 2013 and also M Tanton, ‘President Obama Reiterates Cloud-First Policy’ (February 17, 2011) <cloudtimes.org/2011/02/17> accessed 3 March 2011.

14 See http://www.govstore.net/.

15 European Commission, ‘Unleashing the Potential of Cloud Computing in Europe’, (Communication) COM (2012), 529 final, 1.

The strengths of cloud computing are remarkable.16 For example, the ability to scale up services at very short notice avoids the need for underutilised servers in anticipation of peak demand. Similarly, it has the potential to reduce infrastructure costs, deliver energy savings and lower upgrade and maintenance costs. Cloud computing services allow organisations to control when, where and how employees have access to the organisation’s computer systems, all managed over a simple web-based interface.

Marston states many reasons for cloud computing use.17 The most quoted incentive is the potential cost savings. Cloud computing can provide almost immediate access to hardware resources, with no upfront capital investment for users. It can dramatically lower the cost of entry for smaller firms trying to benefit from compute-intensive business analytics that were hitherto available only to the largest of corporations. Furthermore, cloud computing can lower IT barriers to innovation. It can also make it easier for enterprises to scale their services. Likewise, it makes possible new classes of applications and delivers services that were not possible before.

16 ibid.

17 S Marston, Z Li, S Bandyopadhyay, J Zhang and A Ghalsasi, ‘Cloud computing: The business perspective’ (2011) 51 (1) Journal Decision Support Systems, 176.

2.3. Short history

As far as the term cloud computing is concerned, it is believed that in 1997, Chellappa, Professor at the University of Texas, was the first scholar to use this term publicly.

According to Banerjee the ‘idea phase’ of cloud computing began in the 1960s, as soon as computing as a utility model began to develop. However, in effect, even when the rise of the personal computer took place between the 1970s and 1980s, data were stored on mainframe computers, dumb terminals or bureau processors, and not in remote or centralised locations.18 In the 1990s we saw the advent of networking and the business Internet. The ‘pre cloud phase’ was developed from 1999 to 2006, when the great expansion of the ‘world wide web’ helped to interconnect the world, and the Internet was able to provide many applications as services. It is worth mentioning that in 2001, the Software & Information Industry Association (SIIA) published a paper using the term Software as a Service (SaaS). In 2003, Nicholas Carr published an article in the Harvard Business Review and stated that IT would soon become a commodity and a utility like electricity and water. Finally, the ‘cloud phase’ started in 2007, ‘when the term cloud computing became popular and the subclassification of IaaS, PaaS & SaaS got formalized’.19 The important players in this industry are Salesforce (precursor to SaaS), Amazon (pioneer to IaaS), Google (Google Docs provides a virtualised office that can be accessed for free from any Internet-connected computer, and Google App Engine offers low cost computing and storage services), Microsoft and IBM. In 2008, cloud computing was identified for the first time in the Gartner Hype Cycle as an emerging technology. In 2010 the commercial versions of numerous cloud services were released, with many improvements, such as Amazon Web Services (AWS), Google App Engine and Microsoft Azure.

18 U Banerjee, ‘The Evolution of Cloud Computing’ [2011] 8 Cloud Computing Journal <http://cloudcomputing.sys-con.com/node/1744132> accessed 31 October 2012.

2.4. Key stakeholders in the cloud transactions

The main stakeholders in cloud computing transactions are, fundamentally, the end-user, who can be a customer or consumer, and the provider. Generally speaking ‘it includes services provided to the general public and to other businesses. It covers both business-to-business services and the businesses that are built on top of cloud services and offered to the general public’.20

As regards the definition of an end-user, there are many types of customers or consumers, such as private individuals, SMEs, big corporations, governmental and non-governmental organisations. It is noteworthy that the term ‘customer’ is wider than ‘consumer’. This question is going to be discussed in Chapter 5. Business-to-business relations are usually established on a ‘customer’ basis, but according to the Brazilian legislation, namely the Consumer Protection Code (CDC), it is possible that some businesses qualify as consumers. This issue will also be explained later. The provider can be a natural or a legal person that offers a cloud service to the end-user. A narrower definition provided by the ‘Cloud Computing Study for the European Parliament’s Committee on Internal Market and Consumer Protection’ describes a cloud provider as ‘a company that provides a cloud-based platform, infrastructure, application, or storage services to other organisations and/or individuals, usually for a fee.’21 The definition reflects the current status of a provider, but does not mention the possibility of being a natural person offering a cloud service, nor does it consider the cloud transactions where a fee is not required because they are indirectly remunerated, like those based on an advertising-pricing model.

Cave points out a large variety of stakeholders of this technology, classifying them depending on the distinct roles that they play, namely: i) cloud service providers, who host and manage infrastructure and offer different service models to cloud-hosted service providers, cloud consumers, cloud service brokers or cloud resellers; ii) cloud service brokers, who concentrate on the negotiation of relationships between consumers and providers without owning or managing the whole cloud infrastructure; iii) cloud resellers, who are chosen by the cloud providers to offer cloud services across different countries or in a particular region; iv) cloud-hosted service providers that develop software applications and make them available to other users of cloud platforms, and when they are doing so, they are cloud consumers as well; and lastly, v) cloud end-users or consumers, who are the largest category, since even cloud service brokers, cloud resellers, cloud-hosted service providers and cloud service providers can belong to this category as customers of another cloud service provider, broker or reseller.22

20 ‘Guide to Cloud Computing for Policymakers’ (2011), Software & Information Industry Association White Paper, 3, <siia.net/index.php?option=com_docman> accessed 21 December 2013.

21 Policy Department Economic and Scientific Policy, ‘Cloud Computing. Study for the European Parliament’s Committee on Internal Market and Consumer Protection’ A Fielder et al, (2012) IP/A/IMCO/ST/2011-18.

2.5. Differences and similarities of cloud computing with other types of information technology services

Some authors argue that the existing technologies that cloud computing concepts rely on are not new, for example, distributed and utility computing and access to resources on a pay-per-use basis. They argue that it is an old technology supported in a new form or in a new model of networked computing.23

Ryan, Merchant and Falvey state that:

In fact, cloud computing has been the aspiration of leading thinkers since the 1950s, and the development of the cloud has taken a similarly progressive path as the development of the Internet itself. It is risky to attempt to regulate the cloud separately as well to assume that the ‘cloud’ can be controlled in a different manner from the flow of data on the Internet.24

Marchini highlights that, ‘at least one of the types of Cloud services (Software as a Service SaaS) might be nothing particularly new from what has gone before but with one important distinction – the distinction of scale’.25 Also, Lewis emphasises that the difference between IT outsourcing and cloud computing services ‘is currently not one of great substance, but of degree’.26

22 J Cave, N Robinson, S Kobzer and R Schindler, ‘Regulating the Cloud: More, Less or Different Regulation and Competing Agendas’ (2012) <http://dx.doi.org/10.2139/ssrn.2031695> accessed 30 January 2014.

23 See L Ellison and R Stallman in R Marchini, Cloud Computing A Practical Introduction to the Legal Issues (British Standards Institution BSi 2010), 3.

On the other hand, for some authors, cloud computing is a new form of outsourcing, with unique features.27 According to Hon and Millard:

…cloud computing represents a new way to outsource IT resources. With SaaS, the outsourced resource is application software, running on remote servers rather than being installed locally; with IaaS, computing hardware (servers, storage devices etc.); with PaaS, hardware plus a development and hosting software platform.’28

They mention, however, that the only exception is related to the private clouds because they are self-hosted and self-managed.

As Navetta claims,

One of the key differences between a traditional outsourcing relationship and cloud computing is where the data resides or is processed. For example, in a traditional outsourcing situation, a company looking to offload some of its data storage would create a dedicated data center and then sell the storage capacity to its clients. The data center might be in another country, but for the most part the client knew where its data was going and where it would be sorted and processed. In a cloud environment, geography can lose all meaning. Cloud platforms may not be able to tell ‘where’ data is at any given point in time (….) What this also means is that data in the cloud is often transferred across multiple borders, which can have significant legal implications.29

25 R Marchini, Cloud Computing A Practical Introduction to the Legal Issues (British Standards Institution BSi 2010), 3.

26 M Lewis, ‘Information Technology Outsourcing and Services Arrangements’, in C Reed (ed.), Computer Law (7th edn., Oxford University Press 2011), 211.

27 Although cloud computing is a new form of outsourcing, many traditional outsourcing concerns and issues equally apply to it. Questions such as which rules are applied to a new business model when an organisation decides to place key client data offshore or its data into the cloud continue to arise, as previously.

28 K Hon and C Millard, ‘Cloud Computing vs. Traditional Outsourcing – Key Differences’ (2012) 23 (4) SCL Society for Computers & Law, 1 <http://www.scl.org/site.aspx?i=ed28054> accessed 26 October 2013.

In fact, cloud computing domains can be understood as a set of combined technologies, and for this reason it has been frequently confused with other terms, such as grid computing (or distributed computing), cluster computing, utility computing, web services and high performance computing. Grid computing (or distributed computing) and utility computing can be understood simply as types of computer technology which help the development of cloud computing. Utility computing represents a business model for on-demand delivery of computing power, that can be switched on and off almost like electricity, water or telephony, and in a similar way to Infrastructure as a Service (IaaS). It is a packaging of computational or storage device. Cluster or distributed computing is a kind of network where a capacity of a great number of computers accessed through a network is available to particular types of users.30 Grid computing generally refers to a network that connects different and independent computers to work together in a computational mission. 31

2.6. Definition and characteristics of cloud computing

Currently, there are many definitions of cloud computing; however, some are general enough to cover all Internet devices, while others are very specific, considering either a technical or a business aspect only.

One commonly cited and widely accepted technical definition is provided by the United States Government’s National Institute of Standards and Technology (NIST), which stated in its 16th and final report related to this area in 2011:

29 D Navetta, ‘Legal Implications of Cloud Computing – Part One’ (Information Law Group, August 16, 2009) <www.infolawgroup.com/information_law> accessed 11 September 2012.

30 R Marchini, Cloud Computing A Practical Introduction to the Legal Issues (British Standards Institution BSi 2010).

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.32

A recent report on the future of cloud computing published by the European Commission33 criticises this definition arguing that it reproduces the common understanding of cloud computing, where some technological and economic challenges, such as an appropriate model for cost calculation, metering and so on, are still not properly addressed. It concludes that, ‘current definitions reflect the status, but neither the intention behind CLOUDS, nor the direction into which they will (or should) develop’. 34

Also, Cave argues that this NIST’s definition very narrowly articulates the technological qualities of cloud computing and recognises that cloud computing is essentially an approach or model encompassing a variety of aspects, and not a technology wholly in itself.35

In fact, the great majority of cloud computing definitions essentially mention the different understandings, goals and perspectives; either of the developers, of the users or of the providers, each clearly highlighting the aspects that are relevant to their domain. Bradshaw, Millard and Walden recognise this reality:

… it was noted that different definitions placed a differing degree of emphasis on particular aspects of the Cloud computing model. One explanation might be that this is a reflection of the perspective of whoever is producing the definition, which may be based on the nature of their legacy or other business interests. Providers may tend to emphasise the manner in which the Cloud service is delivered (for example, a shared pool of resources) whereas a definition from the viewpoint of customers may instead emphasise the features of the service (for example, scalable resource use and utility-model billing).36

32 P Mell, and T Grance, ‘The NIST Definition of Cloud Computing’ (2009) Computing Security Resource Center <http://csrc.nist.gov/groups/SNS/cloud-computing/> accessed 2 December 2011, updated and published in 2011, (SP 800-145), is available at http://csrc.nist.gov/publications/PubsSPs.html#800-145.

33 European Commission, ‘Advances in Clouds Research in Future Cloud Computing’, Schubert, L and Jeffery, K (eds.) Expert Group Report, Public version 1, European Union, 2012, 19.

34 ibid.

35 J Cave, N Robinson, S Kobzer and R Schindler, ‘Regulating the Cloud: More, Less or Different Regulation and Competing Agendas’ (2012) <http://dx.doi.org/10.2139/ssrn.2031695> accessed 30 January 2014.

In their research they propose a useful definition of cloud computing that has since been adopted in the Cloud Legal Project at the Centre for Commercial Studies, Queen Mary University of London, which aims to be neutral with respect to the above features. According to this definition:

• Cloud computing provides flexible, location-independent access to computing resources that are quickly and seamlessly allocated or released in response to demand.

• Services (especially infrastructure) are abstracted and typically virtualised, generally being allocated from a pool shared as a fungible resource with other customers.

• Charging, where present, is commonly on an access basis, often in proportion to the resources used.37

More recently, Hon and Millard defined cloud computing in simple terms as ‘a way of delivering computing resources as a utility service via a network, typically the Internet, scalable up and down according to user requirements. As such, the cloud may prove to be as disruptive an innovation as was the emergence of cheap electricity on demand a century or so ago.’38

36 S Bradshaw, C Millard, and I Walden, ‘Contracts for clouds: comparison and analysis of the Terms and Conditions of cloud computing services’, (2011) 19(3) Int. J. Law Info Tech, p. 187.

37 ibid. The authors of this article affirm that: ‘This definition is intended to highlight those aspects of cloud computing that are central to the concept whilst distinguishing (via qualifiers such as “typically” or “generally”) those which are common but neither essential nor ubiquitous. It also briefly notes the technology that more than anything else has facilitated the development of cloud computing: virtualisation’.

38 K Hon and C Millard, ‘Cloud Technologies and Services’ in Millard C (ed.), Cloud Computing Law (Oxford University Press, 2013), 1.
