Foreign investment in cloud services is heavily restricted in China. For years, international cloud operators have been struggling to identify structures that address regulatory concerns, but at the same time enable a service delivery model that is consistent with international offerings. Teaming up with Chinese companies is not something new, but it has become a more prominent feature in the cloud space following certain regulatory developments in 2017, notably new licensing requirements issued by the Ministry of Industry and Information Technology (“MIIT”), China’s telecommunications industry and internet regulator, as well
On 25 November 2016, the Ministry of Industry and Information Technology, China’s telecommunications and Internet regulator, issued a draft Circular on Regulating Business Activities in the Cloud Services Market for public comment (“Draft Circular“). The stated aims of the Draft Circular are to improve the cloud services market environment and further regulate business activities in this sector. In addition to introducing a number of minimum service requirements that cloud operators must observe, the Draft Circular is of particular interest to the industry due to the rules it sets out for market
Cloud service providers are on notice: you are HIPAA business associates, even if you are unable to access the HIPAA protected information in your cloud. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released guidance making clear that cloud service providers (CSPs) that create, receive, maintain, or transmit electronic protected health information (PHI) are covered by HIPAA. The guidance is notable for its broad scope. Whether a CSP offers a simple cloud storage solution or a complex interactive application for managing electronic medical records, it
Cloud computing, one of the major technological advances of the early twenty-first century, has already brought about tremendous economic and social benefits. In essence, cloud computing takes advantage of the Internet to connect users to a vast “cloud” of interlinked servers, data storage systems, and other digital devices located all over the world. Whereas the user of a computer was once limited to the processing power, storage capacity, and programs within her own machine, cloud computing offers her seamless access to virtually unlimited power and data storage, along with applications
As legislators across the world grapple with the thorny issue of suppliers’ liability for digital content and online services, the Federal Trade Commission (FTC) in the U.S. has used its existing powers under the Federal Trade Commission Act, 15 U.S.C. to address the liability of equipment manufacturers in relation to the Internet of Things. ASUSTeK Computer, Inc (“ASUS“), is a Taiwanese hardware manufacturer that, among other things, sells routers, and related software and services, intended for consumer use. In August 2012, ASUS introduced and began marketing a feature known as
The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its router software. The Commission cited the company’s alleged failure to address vulnerability reports as one of the its primary concerns. The settlement reiterates the warnings contained in the FTC’s recent Start with Security
In May the announcement of the European Commission’s Digital Single Market (DSM) strategy received much attention. Our DSM Watch team is a multi-jurisdiction, cross-practice group working together to keep you informed as the initiatives under the DSM strategy roll out. In this post we look at the Commission’s current consultation on platforms, online intermediaries, data, cloud computing and the collaborative economy. It’s open until until 30th December 2015, so there’s plenty of time to have your say. Background For an overview of the DSM strategy take a look at our
We are seeing significant increase in the scale and complexity of outsourcing and technology procurement in the Asia region, as businesses look to modernise and build economies of scale into their regional operating platforms. Consolidation of platforms through regional outsourcing arrangements is often being pursued, not just to reduce costs, but also to gain competitive advantage. As regulation across the region becomes more rigorous and contracting models more complex, the legal counsel role becomes more critical to project success. To view a PDF of the full briefing please click here.
New operating models – new challenges As businesses in Asia grow in scale and complexity, they are increasingly turning to outsourcing and large scale technology procurement, including the deployment of cloud technologies, to support their operations and gain competitive advantage. These initiatives reflect both a maturing of operational strategies for businesses in the region and increasing cost sensitivity. At the same time, electronic data is becoming an increasingly valuable business asset in Asia, as it is elsewhere. “Big Data” does not just mean larger quantities of data – it means
The UK’s Information Commissioner’s Office (ICO) has published guidelines to businesses about the data protection aspects of cloud computing services. In particular, the guidelines seek to highlight that businesses remain responsible for how personal data is looked after, even if they pass it to cloud network providers. While cloud computing solutions have been around for a while, the ICO appears to be concerned that many businesses do not realise that they remain legally responsible for how their data is looked after, even after passing it to the cloud network provider.