dpiit, mci chair on intellectual property rights & centre
TRANSCRIPT
1
DPIIT, MCI Chair on Intellectual Property Rights &
Centre for Intellectual Property Rights Research and Advocacy
National Law School of India University, Bangalore
“Analysis of IPR Challenges of Cloud Computing and Ways to
Overcome the Issues”
Under the Guidance of
Prof. (Dr) T. Ramakrishna,
MCI Chair Professor on IPR
Submitted By
Prapti Bhattacharya
Asian Law College, Noida
2
CERTIFICATE
This is to certify that Prapti Bhattacharya, student from Asian Law College, Chaudhary
Charan Singh University, Meerut, Uttar Pradesh; has successfully completed and submitted her
report, Analysis of IPR Challenges of Cloud Computing and Ways to Overcome the Issues.
This has been submitted in fulfilment of her internship at the Centre for Intellectual Property
Research and Advocacy (CIPRA) during the month of 15th
November to 15th
December, 2020.
Bangalore, 28th
December, 2020
Prof. (Dr.) T. Ramakrishna
DPIIT, MCI Chair Professor of IPR
Mr. Jnana Teja Bandi
Research Associate
3
DECLARATION
Certified that this research work is my original work and I have not borrowed any material from
other‟s work nor have I presented this partly or fully to any other institution/college/university.
I have completed with all the formalities prescribed in this regard
Date: 28/12/2020 Signature:
Place:Kolkata, W.B. Name: PRAPTI BHATTACHARYA
4
Analysis of IPR Challenges of Cloud Computing and Ways to
Overcome the Issues
PRAPTI BHATTACHARYA
ASIAN LAW COLLEGE, NOIDA
ABSTRACT
Can a human made technology work better than a human? Artificial Intelligence is that technology
which has adapted and adopted the rational methodology to function as human nervous system
faster than humans.
This article has given an in- depth analysis of the challenges in the field of “Cloud Computing”,
currently an inseparable part of AI. Although it is quite cost effective for the data storage and
processing function but the global reach of cloud technology makes personal data vulnerable. This
data set can be shared with third party even without their consent. Presence of third party for storing
data, scarcity of professional overview, lack of legal compliance and control, negligence of cloud
service providers have made us realize about the importance of privacy and data protection laws.
Only a critical advancement, organized management, and experts‟ entanglement can lessen IPR in
the application procedure, arising due to difference in the international laws.
It is high time for India to frame stringent privacy laws to solve issues related to cloud computing.
Thus the primary objective of this essay is to understand the impact of cloud computing and AI to
carve out probable solutions.
Keywords- Cloud Computing, Intellectual Property, Privacy Infringement, Trademark,
Copyright, Patent.
5
Table of Contents
1. Introduction
2. What is Cloud Computing?
2.1 Basics of the Cloud Computing
2.2 Types of Cloud Computing service
3. Technological evolution of Cloud throughout the world
3.1 Growing trend of cloud adoption in India
4. Privacy General Data Protection Laws
5. Challenges and IP infringement pattern of Cloud Computing
a. Patent infringement
b. Copyright infringement
c. Trademark infringement
d. Trade secret infringement
6. Challenges and IP infringement pattern of Cloud Computing
7. Recommendations to solve the legal challenges
8. India‘s evolution in Cloud technology
9. Conclusion
6
Research methodology:-
The questions addressed below, have been dealt here for better analysis of the situation:
How the IT sectors, government agencies, educational institutions have adopted cloud
computing system in India and in abroad?
What are the personal data protection laws implemented nationally and internationally to secure
the information of the cloud users?
What is the scope of Intellectual Property Rights Infringement related to Cloud and what are its
implications?
Recommendations to overcome the problems.
7
“Digital technology, pervasively, is getting embedded in every place: everything, every
person, every walk of life is being fundamentally shaped by digital technology — it is
happening in our homes, our work, our places of entertainment. It‘s amazing to think of a
world as a computer. I think that‘s the right metaphor for us as we go forward.‖
– Satya Nadella
Nadella, CEO of Microsoft
1. Introduction:
In this ultra modern digital era, Cloud Computing is one stop solution for most of MNCs‟, research
organizations because not only it makes the mobile and computer work easier giving multifold
advantages for storing and harmonizing uncountable information across unnumbered devices but
also it provides a seamless service enabling cross- border transactions, removing the shackles of
physical world.
But when we start protecting Intellectual Property Rights, Cloud Computing bring up a whole new
range of concerns since it has the power of controlling the proliferation of data across international
boundaries, and this concern is heightened up when cloud deals with the original work of authors,
or with confidential information and that creates the risk of infringing copyright, patents and trade
secrets and the result of such infringement is mostly catastrophic.
In this article we will try to analyze the basics of cloud computing and IPR challenges associated
with it.
2. What is Cloud Computing?
Cloud computing has been developing as one of the most useful contemporary concepts in
computer and information technology services recently.
Simply the storing and accessing of data and programs over the internet without using the internal
storage of the machine is termed as CLOUD COMPUTING. In this phrase, the word "cloud" is
just an analogy in place of the word “internet”.
But every technological development comes with some legal implications as well and likewise,
when data are stored in the cloud, several legal problems, including intellectual property issues
arise for both cloud computing providers and users. One of the most noteworthy features of cloud
8
computing is that individuals or businesses may fend off the purchase cost, or the cost of
installment and managing the hardware and/or software.
2.1. Basics of the Cloud Computing:
The term "cloud computing" has no universal definition to follow but generally it has been depicted
as the delivery of computing service through the medium of internet. Before proceeding with the
further analysis, we must know some definitions, which are as follows:
Cloud computer user: A customer or user who may be an individual, a business, a government
agency or any other entity.
Cloud service provider: Likewise a cloud computer user, a cloud service provider may be an
individual, a corporation or a business, a nongovernment agency or any other entity.
Third party: A cloud service provider can be perceived as a third party, because it maintains
information about or on behalf of another entity.
Personal data: Any information that relates to a natural person, which singly or mixed with other
information, will be able to identify the person separately when it will be presented to a corporate
entity.
Privacy: It simply signifies freedom from any external interference.
2.2. Types of Cloud Computing service:
Software-as-a-Service (SaaS models): This allows the users to connect to and use few software
applications over the internet only, without storing and using the applications offline.
Platform-as-a-Service (PaaS models): This allows to access to a computing platform (e.g. Microsoft
Windows) on which different applications can be run or developed.
Infrastructure-as-a-Service (IaaS models): This allows the consumers to run and control any digital
platform as per their requirements.1
1
Steve Ranger, What is cloud computing? Everything you need to know about the cloud explained (2018),
https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud/.
9
As the term "cloud" suggests, one of the adversities of cloud computing is that it is devoid of
precise location of hardware and data. The services may be provided to a client in a particular
jurisdiction, but mostly that data will be stored and processed at multiple locations, even in
different countries in the same or different jurisdictions and unfortunately the client may not have
any knowledge of where the data is stored or processed.
3. Technological evolution of Cloud throughout the world:
Predominantly Asian countries have shown a different exponentially increasing algorithm of
technological advancement using Cloud computing than any other continent. But some industrial
sectors are still left who didn‟t touch this technology yet maybe due to technicalities and
complexion attached with its usage. The graphical statistics below shows how the IT sectors of the
following countries have been implementing Cloud computing in their service.
(Source: National Science Board, Science and Engineering Indicators. (2018). Global R&D: One
Measure of Commitment to Innovation. [Data file and codebook] Retrieved from
https://www.nsf.gov/statistics/2018/nsb20181/digest/sections/global-r-d-one-measure-of-
commitment-to-innovation)
This data set is a clear proof of the fact that IT professionals have been gathering knowledge and
exposure to cloud computing with their augmenting experience in IT sectors. But the graph is
diminishing down at certain places too. We can assume that this is happening because the all-
encompassing growth of cloud computing took a bit longer time along with its understanding.
The next chart shows the discrepancy between cyber security education and experience
requirements and also proves the variance of the adequate knowledge and empiricism about cloud
computing of some IT professionals against those who still need to shun their skill more in the
10
international IT working environment to handle clients in diverse manufacturing business,
industries and associated service sectors.
2
Western countries have always been on the forefront of development since the renaissance period.
Likewise here also, the western countries have covered a vast dimension regarding application of
Cloud computing system not only in commercial functions but also in education, healthcare and
entertainment industries as well.
In the commercial sector, small and medium companies have adopted cloud computing frequently.
In the educational background, elementary, middle and high schools have espoused cloud
computing mainly. Among government sector, federal government has endorsed this model than
any other sector.
3.1.Growing trend of Cloud adoption in India:
2 David Leaser, The demand for cybersecurity professionals is outstripping the supply of skilled workers (2019),
https://www.ibm.com/blogs/ibm-training/new-cybersecurity-threat-not-enough-talent-to-fill-open-security-jobs/.
11
The following two graphs show that since independence, how India advanced in scientific research
and technological field, and accommodated new age technologies in each and every sector and even
in day to day life.3
4
4. Privacy General Data Protection Laws :
India has no definite legislation on data protection. However, the Information Technology Act
(2000) (―IT Act‖) is amended to include Section 43A and Section 72A, which provides a right to
compensation for unauthorized disclosure of personal information.
Currently India has a system of biometric based unique identification number for citizens called
‗Aadhaar‘ under Aadhaar Act, 2016; by which Government has access to basic personal
information of all the citizens. Since accessing such information is infringement of right to privacy,
recently in a landmark judgment of Justice K.S Puttaswami & another Vs. Union of India and
Ors,5 the Supreme Court of India has distinguished the right to privacy as a fundamental right under
Article 21 of the Constitution as a part of the right to “life” and “personal liberty” and
―Informational privacy‖ has been identified as an integral part of the right to privacy. The
Supreme Court stated for the first time that every resident of India should have the right to regulate
commercial use of his or her identity.
3 Sriyansh Jain, India‟s Move To Adopting Cloud Services In The Public Sector Is A Game Changer (2019),
https://analyticsindiamag.com/indias-move-to-adopting-cloud-services-in-the-public-sector-is-a-game-changer/. 4
NASSCOM Cloud: Next Wave Of Growth In India 2019, , https://nasscom.in/knowledge-
center/publications/nasscom-cloud-next-wave-growth-india-2019 5 WRIT PETITION (CIVIL) NO 494 OF 2012
12
The Government of India established a drafting committee which proposed a draft law and the
Government of India has introduced the Personal Data Protection Bill 2019 (―PDP Bill‖) based
on this draft only. This can be termed as first law enacted by India on the protection of personal
data and it will nullify section 43A of the IT Act.
This set of laws easily point out that the privacy law in India is obtained from the fundamental
rights set out in the Indian Constitution. Every law is set on the basis of “physical privacy” against
the attack by public authorities. But to adjust with the changing scenario and the overgrowing
virtual world, there is still no strict enforcement to protect the public and private data.6
5. Analysis of the international legal principle:
The Directive 95/46/EC of the European Parliament and of the Council of the European
Union (of 24th October 1995) applied to cloud computing and talks about controller of data, the
scope of authority, and what happens when data is transferred outside the EU. While Cloud
computing focuses on the reduction of direct control over data; on the other side the EU legislation
goes on talking about controlling of data. Also, The Health Insurance Probability and
Accountability Act, (HIPPA) of 1996 controls the storage, usage and leakage of the Protected
Health Information (PHI).
The Financial Privacy Rule of Gramm–Leach–Bliley Act of 1999, puts the chill on the financial
organizations to send out notices to each customer with a describing the data collected about the
consumer, where that data may be shared, how that data is being used or would be used in future,
and also the clauses which talks about the data protection.
While the main concern is protection of personal data from cloud main server, it is very hard for
both cloud users and cloud service providers to identify those specific data which are accessed by
government and the time of such access too. Even Government can‟t be reprimanded for this
overall surveillance because controlling some data is required prior to analyze bigger cyber attack
to maintain the integrity and national security.
6 Michael Nadeau, General Data Protection Regulation (GDPR): What you need to know to stay compliant (2020),
https://wfww.csoonline.com/article/3202771/general-data-protection-regulation-gdpr-requirements-deadlines-and-
facts.html.
13
In USA, Cloud data is controlled by the Electronic Communications Privacy Act (―ECPA‖),
1986; but government can locate it easily showing ECPA court order to the cloud service provider.7
The US government enacted a statute named Protect America Act, 2007 to get hold of any digital
information without a prior warrant.
Through Prism Internet Surveillance Program (PRISM), 2008; the US government acquired
huge amounts of private communications of natives, their saved photographs, emails, any detail of
data, money transactions, all data are saved on various social media platforms, from both domestic
and foreign providers. This has advanced numerous questions on the confidentiality issues of cloud-
based services.8
6. Challenges and IP infringement pattern of Cloud Computing:
This study is a qualitative and quantitative analysis of cloud computing and its embracement and
utilization in different sections of commercial firms and other institutions.
The challenges in this field are so vast that it cannot be jotted down in a single piece of writing but
the author has tried to discuss the IP infringement issues in the following manner.
a. Patent infringement
If we look into the Canadian patent system, we see that here the patentee has the exclusive right to
make, use and sell an invention in his country only. However, this system won‟t be applied in case
of cloud computing systems because it is not territorial in nature and it may extend across
international borders and this cause trouble to patent owners or licensees who are trying to confirm
their patents against probable infringements.
First, it is highly difficult to identify the activities which pertain to infringement. If a particular
patent is issued in France, but a competitor's cloud computing service uses tools to perform some or
all of its data processing outside of France, the French patent(s) may not be infringed. Since the
"cloud" contains the parts and parcel of multiple countries, the laws of other countries are required
to be considered.
7 Leighton Johnson, Security Controls Evaluation, Testing, And Assessment Handbook (2015).
8T. C. Sottek & Janus Kopfstein, Everything you need to know about PRISM (2013),
https://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet.
14
Second, cloud computing systems generally consists of several components, which are operated by
a different party from different places. For example, while the data storage servers may be owned
and run by one company, the main system components, processing data from those data storage
servers may be owned and operated by another company. These components again get transferred
to yet another company or companies, who then use(s) those to deliver services to users. Since
several parties are involved in the whole processing and management of the components, most of
the time, all the parts of a single invention are not exploited by a single party.
Third, as we have seen earlier the data storage and processing of cloud computing program occurs
at different places, reverse engineering from the user's end to detect infringement is difficult in
general. That is why here the technical setup of a service provider's is not accessible to the public
which will allow them to disclose the patent infringement.
From the points aforementioned it is clearly illuminated that we need to consider some solutions
from client-side elements of a cloud computing system to be eligible for patent protection or for IP
protection. Operations at the client-side can be narrowed down fast because of its sectarian nature.
However, it is quite important to detect the potential infringers first while ensuring protection for
client-side elements of a cloud computing system. This measure is important on different
company‟s part because no company will wish to avow patents against the users of a cloud
computing service, since that may estrange those users from becoming future customers. 9
a.(I)Action Plan for Protection of Cloud-Related Patents:
Now here we need to discuss the rising importance of PAEs (Patent Assertion Entities, businesses
who litigate their patents but generally don‟t otherwise use their patented technology) because it has
been observed that compensations awarded for PAEs are almost four times higher than granted for
other patent claimants.
Since the economic value of cloud is rising day by day, the cloud customers are preparing
exclusively interesting targets for PAEs because customers usually don‟t have the same level of
knowledge to understand the difficulties of cloud as cloud service providers (CSPs), and also
9 'Cloud Computing Patent Litigation Trends – Competitor Cases, Open Source Targets, Cloud Customers | JD Supra'
(JD Supra, 2018) <https://www.jdsupra.com/legalnews/cloud-computing-patent-litigation-23203/>
15
because they are less prepared to fight an IP suit, and have very less incitement to solve an IP
disputes for others.
This is the reason why cloud patent claim risk is being accommodated by the largest global CSPs in
their cloud service agreements.
Microsoft has already introduced Azure IP Advantage programme with uncapped indemnification
for its Azure cloud services and Google in its Cloud Platform Terms of Service seeks to exclude
open source software entirely from its IP infringement indemnification.
In Amazon Web Services‘ (AWS) Customer Agreement, section 10 states that AWS does not
offer any IP protection for its services in the standardised manner.
Currently all the largest CSPs are starting to use the cloud patent risk explicitly in their contract
terms and it is the most promising evidence that this PAE-fuelled risk is being of relevant
importance to the IP infringement issues. Cloud customers, and their regulators in regulated sectors
in India, should take note as well.
b. Copyright infringement
Copyright laws vary from one territory to the other. The copyright infringement is a subjective
topic which will vary with each and every country. Therefore, just like the patent infringement,
detecting copyright infringement from different locations becomes laborious and burdensome than
it would be from a single jurisdiction. For example, if a copyrighted work is copied and distributed
by an Indian user, after the expiry of 60 years i.e. the period of protection, the action would
continue violating the US Copyright laws where period of protection is 70 years. 10
Hence the
international jurisidiction is a matter of concern in determining the copyright infringement issues.11
The other issues are as follows,
10
Vijay Pal Dalmia, 'Copyright Law In India- Everything You Must Know'
<https://www.mondaq.com/india/copyright/655852/copyright-law-in-india-everything-you-must-know> 11
'Copyright Law In The United States' (Bitlaw.com, 2020)
<https://www.bitlaw.com/copyright/index.html#:~:text=Copyright%2>
16
i. The use of copyright is itself cloudy because it is generally assumed that the owner of the
copyright has the power to control the display of their owned material. Search engines like
Google copies author‟s work as well but that is done for better referencing and it is considered
as non display use. But the cloud providers copy the works for commercial use of other‟s
works and make duplicate copies of such personal works.
ii. Generally pure technological work such as the owners and the original producers of music files
enjoy a licensing right rather than a general ownership. In some countries individuals enjoy the
right to copy of music and film files for the personal use, but when the same files get uploaded
on cloud servers, it is difficult to decipher till which extent the distribution is permissible and
this can create a confusion about the liability of intermidiaries, who supply cloud services since
geographical limitations play a major role in spreading the copyrighted work which results in
ambiguity and dilemma of licensing rights, for companies and customers outside. 12
b.(I) Case laws
The copyright laws have been unpredictable determining the vicarious or contributory
liability of cloud service providers and the response of judiciary has been discussed in the
following cases.
i. In the landmark case of Penguin v American Buddha,13
the jurisdiction issue of copyright suit
has been vividly measured. Here American Buddha operated a website with the name Ralph
Nader Library and the information provided in the online library was promulgated from the
servers located in States of Arizona and Oregon. When the Penguin publishers found four of
their published books in the website, a cased was filed against American Buddha in the US
Southern District Court of New York for infringing Penguin‟s copyright. Here the defendant
said that the real infringement has occurred at the place where it was electronically copied. The
location of copying were Arizona or Oregon i.e. the server locations but the plaintiff filed the
suit in New York. That is why the New York Court dismissed the case due to lack of
jurisdiction.
12
Komal Chandra Joshi, Cloud Computing: In Respect to Grid and Cloud Approaches, ISSN: 2249-6645, IJMER, Vol.
2, Issue. 3, May- June 2012, pp 902-905
13
Penguin Group (USA) Inc v American Buddha, 609 F3d (2nd Cir 2010) (“American Buddha II”)
17
ii. In Religious Technology Center v. Netcom On-Line Communication Services Inc,14
the
court upheld that specific knowledge of the offence is important to prove the contributory
infringement.
iii. Following the same the court applied the concept of „substantial participation in copyrighted
material‟ in the Netcom case, because Netcom could not stop the worldwide distribution of
copyrighted material.
iv. The downsteam downloading is a grave issue in such scenario which is prevalent from the case
Arista Records, LLC v. Usenet.com, Inc.15
Here the defendant, USENET Network, termed as
“a global system of online bulletin boards”, were used by millions by users to post their
documents, texts and any other files including any music files. Here the Court stated that such
flagrant and unrestrained posting of contents has directly violated the copyright laws when over
the course of time, the already protected contents of the original authors and artists have been
uploaded and downloaded by users umpteenth time.
c. Trademark infringement
In this technologically evolving world Trademark infringement issue is applied in the digital sector
as well.
i. Extensive infringement
It means that a mark posted in a site is accessed worldwide, even by the countries where the
mark was not meant to be used. This can make the sign vulnerable to world wide
infringement.16
ii. Restrictive infringement
Generally a link is required to cause restrictive infringement between the use of the sign on the
Internet and the country in which the trademark requires protection and this infringement can
take place by the way of advertising, mail orders etc from the popular e-commerce sites like
Amazon, e- Bay etc.
14
907 F. Supp. 1371(1995)
15
2009 WL 1873589 (S.D.N.Y.) (June 30, 2009).
16 'Trademark Infringement In India - What Is It, Types, Penalties For Infringement' (Cleartax.in, 2020)
<https://cleartax.in/s/trademark-infringement-india> accessed 30 November 2020.
18
Keeping the worldwide trademark jurisdiction in mind, the judiciary need to determine a
definite way to use the link over internet, which does not barge in another country‟s Trademark
protection rights.
Along with this the judicial system can enable restricted access to particular users and they can
impose authority to refuse to deliver goods and services in a particular country. However the
owners of unregistered trademark do not get much protection in such scenario.
c.(I) Case Laws
i. The landmark case in this aspect is Inwood Labs. Inc v. Ives Labs Inc.,17
and it was applied in
the case of Tiffany (NJ) Inc. v. eBay Inc.,18
wherein Tiffany reported that the eBay users were
using eBay resources to sell replicated Tiffany products, the court used the Inwood test to
determine the criminal liability of the intermediary service providers and relieved eBay of its
liability due to lack of specific knowledge of the infringement.
ii. Contrarily the court used this Inwood test in a different sense, in Louis Vuitton Malletier, SA
v. Akanoc Solutions, Inc.,19
to determine the liability of Akanoc Solutions Inc, for
exploitation of Vuitton‟s trademarks and copyrights because Akanoc used Louis Vitton‟s server
space, IP addresses without any permisison and provided the same to foreign resellers who
produce and sell spurious Vuitton goods.
iii. These two distinct cases prove that to get rid of the liability of trademark infringement, one
should have the specific knowledge of the offence and the service providers should keep in
mind that services must be stopped right at the moment of getting notified of the infringement.
c.(II) Action Plan for Protection of Cloud-Related Trademarks and Copyrights
i. Select Your Trademark(s):
At the beginning, determine a name for your goods, services, tag lines, and/or company.
17
456 U.S. 844, 854 (1982)
18
600 F.3d 93 (2d Cir 2010)
19
658 F.3d 936 (9th Cir. 2011
19
Example- one might select the term “Cloud” in the brand name, e.g. SYMBI CLOUD
COMPUTING, but provided the descriptive and generic characteristics of the term “CLOUD
COMPUTING” it won‟t be possible to claim exclusive rights to these terms. So trademark or
trademarks must be selected in the way so that they would not only describe a feature or
characteristic of your goods or services.
ii. Trademark Research:
After selection of the name, it must be checked whether trademarks are available to be
registered by conducting a trademark clearance report for each trademark. This clearance report
will give the information that trademark(s) are likely to be registered or whether they will be
refused for standing too similar to other already registered trademark along other grounds of
refusal.
iii. Register Your Trademark(s) & Copyright(s):
Registration is very important step because it will help in preventing infringement of the goods
or services and it may also assist in shielding against allegations of infringement suits. In the
same way the copyright need to be registered as well.
iv. Monitor for Infringement:
To be vigilant about monitoring for infringement of the trademarks and copyrights the
customers must create a system, or appoint an agency which expertises in the same, for
monitoring trademarks filed with Patent and Trademark Office, and routine searches need to be
conducted of the major search engines to make sure that the goods and services and the related
copyright and trademark rights are not infringement is not taking place.
v. Enforce Your Rights:
The moment infringement takes place, if the user has registered the trademark/ copyright
already, it is easier to stop the attack incurring less cost and one can get the infringing materials
removed from the search engines, and social media sites because such sites have their separate
20
policies that preclude infringement of another‟s rights on their servers. If they are not registered
generally the infringer gets more time and huge cost is incurred to stop the attack.
d. Trade secrets infringement
Confidential data like formula, pattern, program, technique, device, method, or process; are also
termed as trade secrets and breaching of this secret brings serious repercussions. Before uploading
confidential data to the cloud, a user should consider what sorts of confidentiality clause will be
followed by the cloud storage service provider. The users need to check if somehow the sub-
contractors also get hold of such confidential information from such service providers because here
the extent of encryption can only prevent preliminary naive access but it is hard to prevent the
attack by proficient hackers who are expert in decrypting all the hidden codes. A thoughtful and
sincere user of a cloud storage service should also contemplate the consequences that will take
place after the termination of the cloud storage service between the user and service provider.20
It is yet to be determined that whether the information can be terned as trade secret if it is stored in
the cloud. Still no austere rules have established which can give extra security to such highly
secretive information. The only recommendation will be not to store any confidential material in
the cloud.21
7. Recommendations to solve the legal challenges :
Following are the probable recommendations to remove the IPR breaches of Cloud Computing
discussed above.
i. Privacy Impact Assessment
Privacy Impact Assessment (PIA) is a predictive process of privacy audit containing a set of
questions and graded answers to examine how a particular activity will hamper the cloud user's
privacy. If any serious privacy issue arises then decision makers should be informed about it
to determine the next steps of completion the task.
20
Himanshu Sharma & Martand Nemana, Cloud Computing & IP Challenges (2016),
https://www.mondaq.com/india/it-and-internet/524422/cloud-computing-ip-challenges. 21
Robert B. Milligan and D. Joshua Salinas, 'A Brave New World: Protecting Information (Including Trade Secrets) In
The Cloud And Social Media' (2012) 21 NYSBA Bright Ideas.
21
This assessment method can help both public and private sector undertakings to evaluate the
infringement of personal privacy. PIA tools should be used as one of the multiple layers for
checking the breach of personal privacy because it has to be used by the organizers itself,
intermediary service providers won‟t have access to it.22
ii. Assessment of cloud design
Different phases of design like initiation, planning, execution, closure stages need to be
assessed separately to set high level privacy strategy. The planning stage should be used to
determine the input and output to strengthen the security and the execution phase should be
used to cancel last minute errors after chalking out the solutions. Privacy experts should get
adequate training to operate each of these phases seamlessly.
iii. Use of Privacy Enhancing Technology (PET)
PET should be use in accordance with the different privacy protection laws to segregate the
lacunas of privacy service of internet and the breaching tendencies of the network providers.
This technology should be used to eliminate the anonymity of the user‟s personally identifiable
information.
iv. Legal as a service
Legal-as-a-service (LaaS) should be used by Cloud Service Providers to implement their cloud
resources and services without the tension of infringing the law and it is applied at the super-
peer levels which provide protected service in super peer domain. This Cloud service policy
enhances the performance of SaaS on the automated security policy in virtual data centres.23
8. India‘s evolution in Cloud technology:
With the introduction of GI cloud, Meghraj, India has realized the importance of potential of the
cloud. From the cases discussed above, we have seen lack of jurisdiction has relieved the
defendants from their liability. The same is applied in India. Under the Indian Civil Procedure
Code, 1908, the defendant‟s liability is based on two principles: his place of residence and the place
where the cause of action arises. But it is unsure if the same can be applied in case of cloud service.
22
PRIVACY IMPACT ASSESSMENT (PIA) GUIDE (US Securities and Exchange Commission Office of Information
Technology 2007). 23
'Cloud Computing In The Legal Industry' (Directlaw.com, 2020) <https://www.directlaw.com/cloudcomputing.asp>
accessed 30 November 2020.
22
The Information Technology Act, 2000 deals with any kind of computer networks and data
infringement issues and the act does not held the service provider liable if any third party data is
provided by him if he can prove that he took reasonable care and protection to prevent the
breach.24
When the IPR infringement is concerned, we find that copyright infringement is safeguarded by
section 81 of the Information Technology Act but other IPR domain are left untouched.25
9. Conclusion:
In summary, cloud computing has brought up quite a new challenges to the IPR system.
Client-plus-cloud computing surely offers strong choices, flexibility, and also cost effectiveness for
industries as well as general consumers. But to enjoy the service without any hesitation, the users
must have the assurance regarding the security of private personal data available online.
In order to flourish online cloud computing, some jurisdictional, and issues of public policy must be
resolved too. Since the time of independence, the corporate privacy principles, industrial and
commercial service have strengthened our engagement to maintain the yardstick of security in our
online services which also enables the expansion of the economical value of cloud computing.
As we have seen, for preserving cloud breach, the privacy jurisprudence plays a very influential
role which may vary in respective countries and the concept of privacy may be perceived from
different point of views.
In the United States and England, data privacy forms a part of consumer law and fundamental
rights respectively but in India, “data privacy” is not strictly enforced as a statute, but under Article
21, the right to “life” encompasses right to “privacy” too.
24
Section 79, The Information Technology Act, No. 21 of 2000: Network service providers not to be liable in certain
cases.-For the removal of doubts, it is hereby declared that no person providing any service as a network service
provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention. Act, rules or regulations made thereunder for any third party
Explanation.-For the purposes of this section,- (a) “network service provider” means an intermediary; (b) “third party
information” means any information dealt with by a network service provider in his capacity as an intermediary;
25
Section 81: Provided that nothing contained in this Act shall restrict any person from exercising any right conferred
under the Copyright Act, 1957 or the Patents Act, 1970.
23
Working with the global legislation hand in hand, India is also struggling with the lack of legal
frameworks to safeguard personal data and privacy and it has already set the motion to draft a
stringent set of codified laws of data protection and privacy laws.
India requires a proper environment to develop technology awareness and prowess to build up the
confederacy between the public and private institutions, to compose a far- reaching legal system for
future technologies.