Book Review: Cloud Computing Law

March 28, 2014

One of my many prejudices is against the wrapping up of old concepts in new clothes and pretending that they are ground-breaking. The greater the excitement, the more stuck in the mud I become. I like to think that I am capable of recognising the genuinely new and exciting but there is some evidence that I stay stuck in the mud until the need to escape the charging herd of buffalo becomes acute.

Just as, in another century, I was quick to say that computer and IT law was no more than the application of old concepts to new situations, and not really a field of law at all, so I was keen to say that the Cloud was just SaaS in new apparel – not even genuinely new but dyed and with a few sequins added. But that was some time ago – I saw the herd of buffalo coming out of the Cloud some time ago and have been assiduously collecting articles on the subject for some time – to the point where the designer of Computers & Law complained about yet another cloud picture cover. This new book has convinced me that we have still only scratched the surface of the Cloud in the many articles in the magazine – our designer may have to add to his stock of cloud-related portfolio.

Christopher Millard meets those still stuck in unhealthy scepticism about the cloud head-on in his introduction, stating that most of the applicable law is not new law but that ‘applying existing legal concepts and rules to cloud computing gives rise to various complex and challenging issues’. The rest of the book amply supports that statement, covering complexities and challenges arising from the Cloud, many of which were a revelation to me.

The book is the ‘synthesis’ of the findings of the Cloud Legal Project, a unit within the Centre for Commercial Law Studies at QMUL. The chapters of the book are attributed to W Kuan Hon, Simon Bradshaw, Ian Walden, Chris Reed, Alan Cunningham, Julia Hörnle and Laisse Da Correggio Luciano, as well as Christopher Millard himself.

There are four parts: Cloud Computing Essentials, Cloud Computing Transactions, Protection of Personal Data in the Clouds and Cloud Regulation and Governance. While we are told that ‘space will not permit a detailed exploration of the many ways in which cloud computing technologies and services may be used, and the legal consequences that can ensue’, it is hard to see what is missing. Indeed, together with the excellent exposition of cloud basics in Part I, the strength of the book for me is that it covers vast areas full of ‘challenges’ and invariably offers answers to those challenges  not just a series of empty questions. The chapters on ‘Which Law(s) Apply to Personal Data in Clouds?’ and ‘Consumer Protection in Cloud Environments’ exemplify this with highly pertinent comments, suggesting for example that many difficulties in the consumer context arise from a failure on the part of service providers to recognise their offerings to consumers as having any real status compared to those offered to businesses.

Having said that the book offers ‘answers’, I have to make it clear that this is not a practitioner’s book. So far as I know, no practitioner’s book on cloud computing exists. But the cloud computing landscape is changing with such great rapidity that the distinction between an academic text and a text of use to practitioners is a fine one. Practitioners operating in the cloud computing area, and especially those many soon to be swamped by it, will benefit greatly from many chapters here. The material on transactions is especially strong. There is original research which is very fully and cogently summarised and detailed analysis too. For example, the material on ownership of information in the Cloud seems to cover every base. It may be that Christopher Millard’s varied career, having worked with distinction in practice before a return to academia, is reflected in a practical focus. Moreover, without having researched each contributor’s background, I do know that a number have strong technical IT knowledge or experience in practice, and this too shines through the pages of this work.

And it is worth pointing out that the paperback is priced at just £34.95 – a snip by the standards of any practitioner book.

Another positive is that Cloud Computing Law seems to have neatly side-stepped the reviewer’s easy criticism of any book focusing on a fast-developing area, namely that it is not up to date. The numerous cloud computing issues are dealt with in the context of carefully chosen examples that have not been shorn of meaning by time – that is no mean feat when, in the cloud computing world, time is measured in dog years x 10.

This book does deserve criticism under one head – its addiction to abbreviations leaves it with a key/glossary of nearly three pages. My favourite is ‘GSMA’ which the key reveals stands for GSM Association, though that term is used only once in a footnote; we are never told what GSM stands for.

But, abbreviations apart, Cloud Computing Law comes highly recommended for those interested in this area of IT law.

Laurence Eastham edits Computers & Law.