Data: the left luggage of Cloud computing
Termination comes from the Latin to end or to limit, but is termination really the end, or just the beginning of the end? When it comes to cloud computing, a premature termination is not often amicable or planned. It’s not so much the slow pull into the station with announcement that “this train stops here, all change, all change please”. Rather it’s more akin to physical ejection from a moving carriage – sans luggage.
There are of course questions as to why you left the train, and were you pushed or did you jump? The contractual terms your cloud provider is likely to offer will talk about the reasons you might be pushed, or even safeguard your right to jump. Perhaps the other train was going faster. Perhaps you didn’t buy a valid ticket. Perhaps you didn’t obey the rules, maybe they didn’t either. At the end of the day, as you sit on the metaphorical platform, the real question is where is your luggage now and how do you get it back?
Of course the left luggage in question is your data. Yet luggage contains many parallels with your data. For instance it’s almost certainly enormously more valuable to you than to anyone else, particularly the provider. It can be bulky, expensive even for the provider to store waiting should you turn up asking to reclaim it. It’s unknown even if you will ever reclaim it. It doesn’t belong to the provider, and if it contains personal data, without you as a passenger they have no authority to deal with it, but at the same time it would be pretty heartless to destroy it the second the ride was over. Then again, is it not legitimate to be able to request its destruction? It does, after all, belong to you.
How far can the analogy be stretched? How about being charged to retrieve it? Is that good service? Is that fair? Maybe so if you haven’t paid the full fare. But what if you also had to sign a waiver to get it, despite your appalling treatment? Or if having retrieved it you find that it’s been mangled beyond all comprehension, in a peculiar format that no one else can use. Is that fair?
An EC-backed initiative called SLALOM has examined this issue, among others, in the quest for a model cloud computing contract that is fair and balanced between the parties. Many of the contracts examined protected the provider adequately, ensuring that the user was obliged to delete any provider content in their possession, and explicitly stating parts of the contract, such as indemnification and confidentiality that survived termination. The majority also established a period, commonly 30 to 90 days in which the user could retrieve data, though often at the user’s expense.
SLALOM’s recommendation is that all cloud contracts should establish this grace period and include clauses covering the format of the data returned to ensure portability. When the contract is terminated due to provider breach or provider convenience then the provider should bear the cost, and vice versa. In no circumstances should data be held hostage: data recovery should not be conditional and residual disputes managed in separation from data retrieval. Finally, once the transfer period is concluded both parties should ensure that any remaining property or data belonging to the other party are definitively destroyed.
Have your say: How do you deal with your customer’s left luggage? What do you expect from your cloud provider?
SLALOM is opening a public consultation on their proposed model contract and SLA specification for Europe and welcomes feedback from across the industry: providers, users, lawyers, regulators. Access the full draft contract and join the debate at www.slalom-project.eu.
This work has received funding from the European Union under grant agreement No 644270.