This paper focuses on the key data protection law issues arising in cloud services. It also provides links to the two cloud service agreements to be analyzed.
Key data protection law issues arising in cloud services
Compare the standard terms of services for the following two cloud services:
• Amazon Web Service ‘AWS Customer Agreement’ https://aws.amazon.com/agreement/ and
• Salesforce Cloud Master Subscription Agreement https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/salesforce_MSA.pdf.
Using at least 3 clauses in the standard terms, explain which terms are more advantageous from the cloud customer’s point of view and why.
In your answer, please identify the specific clauses that you are comparing.
Give an overview or summary about the difference between the two contracts, even though the task involved a comparison of two contracts. The crucial difference between the two contracts is that Salesforce’s terms are generally more balanced and customer-friendly. In particular, generally Salesforce accepts more liability for its service and gives more warranties or indemnities including for service availability and SLAs, whereas Amazon excludes liability.
The idea is to be able to compare and give a view on which was better, as if you were advising a client or your company about which cloud provider to choose.
Point out that generally some of the differences between the terms arise from Amazon providing IaaS and Salesforce SaaS.
Your client wishes to store its employee data in an HR database it has created using a PaaS service. What are the key issues that you would consider in this situation and what are the key questions that you would ask your client or advise it to ask the PaaS provider? Discuss only issues and questions relevant to data protection law compliance.
This task involved applying the General Data Protection Regulation (GDPR) to personal data processing using a cloud service that potentially involves a sub-provider, particularly Article 28 of the GDPR.
There are two parts to the question:
• Identifying the key data protection law issues arising in this fact situation, and
• Identifying relevant questions you would ask the client (or the client should ask the provider) arising from the key issues identified.
It is not enough to know the law. State the basic issues, for example, why and how data protection law applies in this fact scenario (the EU jurisdiction issue, whether the data is personal data or not, and who was a processor and who was a data controller).
Please note that the term ‘personally identifiable information’ is used mainly in the US. In the EU, we use the term ‘personal data’ instead.
Second, a relevant question is whether the client is a controller subject to EU data protection law and whether the provider is the processor, etc. It helped to show that you’ve gone through the thought process logically and systematically in applying the law.