Cloud computing as an object of legal regulation

Размещено на http://www.allbest.ru/

Yaroslav Mudryi National Law University

Cloud computing as an object of legal regulation

Yevlakhova E.R., Postgraduate Student at the Department of Civil Law No. 1



The article analyzes the main issues related to cloud technologies as an object of legal regulation. The author explores different approaches to understanding the concept of “cloud technology”, analyzing normative and doctrinal definitions. The basic scientific works on tendencies and problems of regulation of cloud technologies, and also the generally accepted understanding of the legal nature of cloud technologies are investigated. Based on The NIST Definition of Cloud Computing, the main features of cloud technologies have been identified. The article describes in detail all the advantages and disadvantages of cloud technologies. The question of the complexity of the relationship of the subjects of cloud computing in the content of legal relations is analyzed. The issue of virtualization of cloud technologies is considered.

The article considers gaps in the national legislation of Ukraine on the regulation of cloud computing, their thermology and workflow. An interesting issue raised in the article is that the use of cloud computing is best regulated in Ukrainian tax legislation. At the same time, the question of further implementation of cloud technologies in other promising areas is raised.

The author draws attention to the problem of the lack of normative definition of “cloud technologies” in the legislation of Ukraine, which slows down the possibility of wide application.

International legislation has also been studied. The article is devoted to the legal regulation of cloud technology processes in both EU and US legislation. The international acts on data protection, which are the main recognized regulators of digital information turnover, are listed.

The author of the article raises the issue of borrowing the experience of other countries in the field of legislative regulation of cloud technologies, the implementation of norms contained in international regulations in law. Of Ukraine.

The article also raises the issue of the use of cloud technologies in the business sphere, in particular in the economic sector.

Key words: cloud computing technologies, IT sphere, information systems.



ХМАРНІ ОБЧИСЛЕННЯ ЯК ОБ'ЄКТ ПРАВОВОГО РЕГУЛЮВАННЯ

У статті проаналізовано основні питання, пов'язані з хмарними технологіями як об'єктом правового регулювання. Автор досліджує різні підходи до розуміння поняття «хмарних технологій», аналізуючи нормативні та доктринальні визначення. Досліджено основні наукові праці щодо тенденцій та проблем регулювання хмарних технологій, а також загальноприйняте розуміння правової природи хмарних технологій. На основі документа “The NiSt Definition of Cloud Computing” визначено основні властивості хмарних технологій. У статті детально описані всі переваги та недоліки хмарних технологій. Проаналізовано питання про складність взаємовідносин суб'єктів хмарних обчислень у змісті правовідносин. Розглянуто питання віртуалізації хмарних технологій.

У статті розглядаються прогалини в національному законодавстві України щодо регулювання хмарних обчислень, їх термології та робочого процесу. Цікавим питанням, порушеним у статті, є те, що сфера використання хмарних обчислень найкраще врегульована в українському законодавстві у сфері податків. Водночас, піднімається питання щодо подальшого впровадження хмарних технологій у інші перспективні галузі.

Автор звертає увагу на проблему відсутності нормативного визначення «хмарних технологій» у законодавстві України, що уповільнює можливість широкого застосування.

Досліджено також міжнародне законодавство. Стаття присвячена правовому регулюванню процесів хмарних технологій як у законодавстві ЄС, так і в законодавстві США. Перелічено міжнародні акти про захист даних, які є основними визнаними регуляторами обороту цифрової інформації.

Автор статті піднімає питання щодо запозичення досвіду інших країн світу в частині законодавчого врегулювання хмарних технологій, імплементація норм, які містяться в міжнародних нормативно-правових актів у законодавство. України.

У статті також піднімається питання використання хмарних технологій у бізнес-сфері, зокрема економічному секторі.

Ключові слова: технології хмарних обчислень, IT сфера, інформаційні системи.



Introduction

Problem setting

The constant development of information technology makes it necessary to study it in the legal field. One of the elements of the IT sphere are cloud computing technologies, which have been introduced relatively recently.

According to unanimous forecasts of the world's leading consulting companies, the rapid improvement and spread of cloud computing is now one of those key trends that in the next 5-8 years will significantly affect the global development not only of the IT industry, but also of business, finance, public administration, medicine, education and many other areas of human life.



Article's main body

Rapid development of cloud services, their efficiency, economy, speed and convenience in use lead to a constant increase of users of these services, in both the public and private spheres.

The need for regulatory regulation of cloud computing technologies a rises on the following grounds:

• A growth of the computing capacity of modern automated complexes.

• An increase in the volume of information flows, processed and transmitted by communication channels.

• A drastic rise in the number of distributed databases for various purposes.

• High growth rates of information technologies in all areas of society.

• A dramatic increase in the circle/number of users with direct access to cloud information resources [25, c. 304].

In other words, cloud technology allows the user, especially the corporate user, to unload three technical components to its current activities.

First, the system infrastructure related to the management of the software and the technical media for it; once the consumer turns to the cloud, the responsibility for this activity lies with the cloud technology provider, not the user.

Second, the cost of providing security is reduced - it is the responsibility of the provider, and the consumer only chooses the amount of security provided within the limits granted by the cloud service, the model of the cloud platform and the type of the concluded contract.

Third, the cloud becomes immediately available for use - from the moment the agreement is concluded, all users and customers of the cloud have access to it, without going through the process of installation, licensing, keying, etc. All of this significantly reduces the cost, as the acquisition of own support in the three areas indicated is usually more expensive than the service itself. According to Philip Kehler, these financial aspects, which are modified by the design features of the clouds, are very important [8, p. 9].

They are the reason for the current mass preference for cloud technology over traditional technologies, and they are the main motivation for the increasing interest in their development and regulation. All of this raises questions about the legal relationship in the provision and use of cloud technologies, and challenges in the legal definition of their concept, notion, structure and regulation begin.

The dynamism and continuous improvement of cloud computing technologies also require active regulatory adaptation. Above all, this is done at the international level. In recent years, international organizations have been actively pursuing reforms aimed at developing and implementing legal norms and legislation. First of all, it concerns standards and technical requirements in the field of informatization of cloud computing technologies [5, 15].

For example, according to the 2018 BSA Global Cloud Computing Scorecard, there is a significant increase in the activity of international organizations in the legislative field for improvement conditions of use of cloud technologies. Twenty-four countries were analyzed from a legal point of view, which together account for 80 % of the world market for the implementation of information and communication technologies [27, p. 411].

The analysis was conducted in seven categories of compliance of the legislative framework for the successful use of cloud technologies in the IT industry. The following basic criteria were identified by the experts: data privacy, security, cybercrime, intellectual property rights, upholding business standards and harmonization of legislation at the international level, promoting free trade and broadband deployment. cloud technology legal

Japan and South Korea are leading countries in this ranking. Ukraine did not enter the rating, probably due to lack of adequate regulation of cloud computing.

In September 2012, the European Commission adopted the strategy “Unleashing the potential of cloud computing in Europe”. The strategy identifies actions that will help increase 2,500,000 of new jobs in Europe, and annual growth of Ђ160 billion to the GDP of the European Union (EU, about 1 %) in 2020. The Strategy aims to accelerate and increase the use of cloud computing in all sectors of the EU economy. This strategy is the result of the analysis of the political, economic, legislative, regulatory and technological base under conditions of determining the ways of maximal use of potential “cloud” [7].

Research on cloud technology is conducted by the National Institute of Standards and Technology (USA), briefly NIST (The National Institute of Standards and Technology). This structure is responsible for the development of standards and regulations that include minimum technical requirements to ensure adequate information security of information assets of US government agencies [2].

In Ukraine, the use of cloud computing systems is regulated by the general rules of the laws on information and its protection, as well as by the norms of civil law. Of course, that is not enough in today's reality. In order to solve this problem, in 2016 Verkhovna Rada of Ukraine has registered a bill, which proposed amendments to some normative acts on information processing in cloud computing systems.

The main purpose of the draft law is to ensure the protection of processed information, as well as the distribution of duties and responsibilities between the parties to the contract for the provision of cloud computing services. Thus, the bill proposes to define the essential terms of the contract, among which the main ones are: determination the procedure for removing information from the system of cloud computing and the procedure for notifying the user thereof, the distribution of responsibilities between the parties of relations, the conditions and the procedure for terminating the provision of cloud computing services.

Most researchers recognize that the adoption of the relevant changes will improve the position of the user in these legal relationship, ensure the security of the transmitted information in the processing and establish a clear regulation of the parties' liability, even if the legal relationship is terminated.

Therefore, although the bill has not yet been adopted, it can be said that the Ukrainian legislature is moving in the right direction. Understanding that cloud computing technologies require legislative regulation directs the legislator to create a legal and regulatory framework to regulate these relationships.

Since the term “cloud computing” refers to the concept of a new technology that is still changing and developing, there is no uniform approach to its definition. Thus, in a major study that examined the current legal regulation of cloud technologies in countries of Asia-Pacific, the European Union, North America and Latin America, South Africa we can draw the following opinion. Having studied more than 50 cloud service contracts available for study, judicial precedents, as well as major academic and expert studies of the phenomenon, the main challenge is to understand the legal nature of cloud technologies that lies in the identity of the cloud itself.

So, the first major determination is given by The National Institute of Standards and Technology of USA (NIST). According to it, cloud technology is a model that provides ubiquitous, convenient and on-demand access to a common network of variable computing resources (for example, a network of servers, storage systems, applications or services) which can be quickly made available for use with minimal administrative costs or intervention by the service provider (provider) [10, p. 2].

However, the public authorities generally prefer to ignore this definition and the accompanying study on the nature and main features of cloud technologies, and favour selfdefined definitions. As a result, such definitions are extremely diverse, which in turn leads to differences in expert judgments and jurisprudence.

For example, the official report of the European Commission suggests that cloud technology should be understood as “A flexible environment for the provision of resources, which includes a wide range of beneficiaries and ensures the provision of a measurable quantity of services of a heterogeneous structure for a given level of service quality” [4, p. 8].

At the same time, according to the European Commission's strategy an another concept is given that looks like this: “Unleashing the potential of cloud computing in Europe” the concept of “cloud computing” is defined as the storage, processing and use of data on remotely located computers by access via the Internet” [9].

Another definition that would be appropriate to mention was given at the forty-seventh session of the United Nations Commission on International Trade Matters (UNCITRAL) in a proposal from the Government of Canada. According to it, a cloud is computational services (for example, hosting data or data processing data) when the technology is not based on a personal computer or on a proprietary computer system, but elsewhere via the internet connection, thanks to the form of restricted access granted to a certain group of individuals [13, p. 2].

There is no definition of cloud computing at the legislative level in Ukraine. As a result, the draft Law of Ukraine “On Amendments to Certain Laws of Ukraine (on Information Processing in Cloud Computing Systems)” proposes at the legislative level to define the concepts of “cloud computing systems” and “cloud service provider» and to define their legal status. We believe that this provision is appropriate and justified in the modern realities of information technology development.

We can define the basic properties of cloud technologies by using the document “The NIST Definition of Cloud Computing” of the National Institute of Standards and Technology of the United States. According to their conclusion, the main features of cloud technologies are: the possibility of highly automated self-service of the system by the provider; the presence of the Broad Network Access system; the concentration of resources at individual sites for their efficient distribution; rapid scalability - resources can be allocated and released at an unlimited rate depending on needs; managed service - the cloud management system automatically controls and optimizes the allocation of resources based on the measured service parameters: storage system size, bandwidth, number of active users, etc.

Ondemand Self Service is determined by the ability of the consumer to access the provided computing resources unilaterally as needed, automatically, without the need to interact with the staff of the service provider.

Broad network access implies the availability of the provided computing resources over the network through standard mechanisms for various platforms, thin and thick clients, mobile phones, tablets, laptops, workstations, etc.

Pooling of resources (Resorce pooling) - pooling of ISP's computing resources to serve many customers on a multitenant model. Examples of such resources include storage systems, computing power, memory, network bandwidth.

A sign of Rapid elasticity is that resources can be easily allocated and freed, in some cases automatically, for quick scaling proportional to demand. For the consumer, the possibilities of providing resources are unlimited, that is, they can be appropriated in any amount and at any time.

The essence of the measured service is revealed through the ability of cloud systems to automatically manage and optimize resources using measurement tools implemented at different abstraction levels for different types of services (for example, managing external memory, processing, bandwidth, or active user sessions). The resources used can be monitored and controlled to ensure transparency for both the provider and the user using the service.

Therefore, the above-mentioned features can certainly be called their advantages at the same time. Other benefits of cloud technology include accessibility, relatively low cost, flexibility and usability, and high computing power. One can be sure that the list of positive features of cloud technologies will soon be replenished with a few more points.

Although cloud computing has its drawbacks. The downside of cloud technology for users is that the more complex the mechanism of using these platforms, the more unsettled moments will occur for users, since in most countries there is a gap between the existing regulatory framework and the rapid development of IT.

According to research and sociological surveys, another problem with the use of cloud computing technologies is the lack of data security. Therefore, the main problem with the legal regulation of cloud computing technologies is the establishment of standards and guarantees in which the information used by the consumer will be safeguarded. An additional concern is the need for constant Internet connection.

All of these drawbacks are clearly evident in Ukraine. It's necessary to highlight the main problem of the legal regulation of cloud technologies in Ukraine - the absence of any regulatory act at all. This is why the relationship between the provider of cloud technology and its users is regulated mainly by contract.

At the same time, the number of agreements aimed at the use of cloud technology is increasing. However, there is no common understanding among scientists and in the legislation of different countries about the legal nature of cloud technology agreements.

Among the possible options for the qualification of contracts in this field, the following may be mentioned: contract of hire (lease), license contract, service contract, mixed contract, non-personalized contract [6, c. 97].

A separate problem in the Ukrainian legal framework is the taxation of the provision of cloud services. Due to the fact that cloud computing is not regulated by national legislation, the taxation of cloud computing services is uncertain in practice.

On the one hand, the Tax Code of Ukraine, in section XX, subsection 2, para. 26-1, determines that From 1 January 2013 until 1 January 2023, value added tax is waived for transactions in the supply of software products as well as transactions in software products for which payment cannot be considered royalties according to the second - seventh paragraphs of subparagraph 14.1.225 of paragraph 14.1 ofArticle 14 ofthis Code. For the purposes of this paragraph, software products are: the result of computer programming in the form of an operating system, a system, an application, an entertainment and/or an educational computer program (their components), as well as Internet sites and/or online-services and access to them [17].

Since “access to Internet sites and/or online services” is added to the software products, at first sight it may seem that such “access” is a service, and the legislator has now predicted the tax credit already for services. But there's more to it than that.

Despite the above, however, the tax authorities have an another vision of the issue. Thus, the State Fiscal Service of Ukraine in the Individual Tax Consultation dated 01/09/2018 No. 82/6 / 99-99-15-02-02-15 “On Taxation of Operations for the Provision of Cloud Services by a NonResident” came to the conclusion if there are no changes in software products as a result of the supply of other services related to software products, then operations for the supply of such services are subject to value added tax in accordance with the generally established procedure at a rate of 20 % [22].

Also, in the Individual Tax Consultation dated 26.03.2018. N 1231/6 / 99-99-15-03-02-15 of the State Fiscal Service of Ukraine noted that the use of the server for the lease of movable property and the legal relationship were not subject to the tax credit [20].

Therefore, despite the direct rule of the law on tax incentives, the provision of services in the cloud amenities (in particular, in the case when the fee is charged depending on the traffic used, the amount of memory, load, etc.) is actually subject to value added tax.

This position of the tax authority cannot be accepted, since the use of the cloud service by the user does not, in principle, involve the lease of property or changes in software.

So, as you can see, Ukraine does not have a unified approach to the taxation of cloud services by value added tax. This situation is problematic because it does not create an attractive investment climate through legal uncertainty in the taxation of cloud computing operations, and may lead to various disputes with taxpayers.

A large number of providers are foreign companies that appear in the Ukrainian market with well-established approaches in the field of providing access to cloud technologies, but usually such approaches are difficult to adapt to Ukrainian legal conditions. As a result, there are contractual structure emerged that mediate the use of cloud technologies by users whose legal nature requires careful legal analysis [14, c. 1160].

One of the problems in the use and regulation of cloud computing technologies is the complex nature of the relationships between entities in this field.

The complex nature of the legal relationship is that the application of cloud computing technologies requires the interaction of three entities: the user, the service provider, the system owner.

The difficulty is that an intermediary (service provider) appears between the user who provides certain information for processing and the owner of the cloud computing system, so there is no obvious connection between the first two entities.

Also problematic is the allocation of responsibility between the service provider and the system owner for the loss of data or the violation of the ownership of information, the user's intellectual property rights, including copyrights. Undoubtedly, apportioning responsibility among a large number of entities that might be subject to different jurisdictions, was a complex issue, especially in a context of uncertainty, who, where and under what legislation, responsibility would be incurred.

Cloud computing creates a new dynamic in the information management relationship due to the presence of a third party - the cloud provider. This creates new difficulties in understanding how to apply the law in the great variety of new information management scenarios [24].

To date, due to regulatory deficiencies, this provision should be the key in a cloud service contract, since the lack of a clear definition of the liability of the parties, problems arise in determining the proper plaintiff in the case of litigation.

For this reason, it is proposed at the legislative level to determine in which cases and which actors should be held accountable for violations in this area.

The question of the emergence and content of subjective rights to cloud computing technologies does not have a single answer among scientists. Most researchers recognize that this depends on the terms of the contract for the provision of cloud services and on the will of the parties that entered into it [26, c. 306].

In accordance with the provisions of the Law of Ukraine “On Information Protection in Information and Telecommunication Systems”, the system owner determines the conditions of information processing in the system in compliance with the contract concluded with the holder of such information [21].

In the view that civil law is dominated by the principle of freedom of contract, the parties to a contract are free to determine when subjective rights to cloud computing technologies arise and the content of the rights and obligations of the parties.

Also, Ukraine still does not have an explicit policy on the use of cloud technologies in the public sector, which in turn has a negative impact on their development in the private sphere. In this regard, we lag far behind almost all European countries. But there is one positive aspect to this: we have at our disposal the entire diversity of world experience in this area. It is not necessary to invent something new, it is enough to adapt the most suitable variant in Ukrainian realities.

Actually there are not so many “pure” concepts, but their combinations form a large number of intermediate options. For example, it is possible to have an extremely liberal “American” approach - the same Cloud First and the next in the long term Cloud Smart. The role of the law here is to establish the general rules of the game and to define clear safety requirements for operator infrastructures. A crucial point is the priority of using clouds for IT in government organizations, while the purchase of physical equipment should only take place when it is simply unavoidable.

Turning to the problem of regulation of cloud technologies, it should be noted right away that even foreign lawmakers have focused their attention on cloud regulation only in recent years, particularly after the scandal caused by the Edward Snowden case. The case discloses abuse by the US National Security Agency in providing access to personal information and personal data. The relationship between these two phenomena is due to the main feature of cloud technologies that distinguish them from traditional computer technologies - their virtualization [15].

Cloud content services can be equivalent to any of the traditional computer technologies: from a database and software (Adobe Lightroom) to a storage system (Dropbox, iCloud), a computer platform for websites, etc. Their main difference is virtualization, that is, everything these services are provided via the Internet and through it, without being tied to the installation on a specific technical medium (computer, tablet, phone, etc.), and the storage locations of the information transferred to the cloud and the location of services are distributed throughout the world and do not have a clear localization. Instead, it is the physical location of the cloud service provider, usually the registration address of a legal entity.

In one of the studies concerning such a method of transmission and storing information such as the cloud, states that the main purpose of modern computer technology is to break down barriers between information services [23, p. 52]. This is expressed precisely in the fact that modern technologies no longer depend on the geographic location of the service provider and the efficiency of the market for such services is directly related to the speed of access granted to the user, regardless of where the service is located. Disconnected from a fixed computer, users who own information can access it from anywhere in the world with Internet availability. “Mobile revolution” which took place in 2008-2010 complicated the legal regulation of the protection of information and at the same time brought it to the international level not only in the legal sense, but also in the actual one.

This was the reason why information owners, such major information market players as Google or Apple, who had crossed the national borders of the countries where they had been created a long time ago, were no longer interested in national regulation of information. One of the main reasons is the internationalization of the services they provide - both companies have the highest number of users all over the world. National regulation is problematic for them because it requires compliance with the legislation of each particular technology market country, while international instruments create standards for the provision and protection of information that are universal for any State and, moreover, that operate within a transnational legal framework.

In addition, international legislation raises the bar of information regulation by minimizing the risks of entering the national market or using a service provided under the laws of another State, and also reduces the number of legal conflicts between the legal regimes of different States. In general, information technology legislation has two objectives: first, to maximize the benefits and profits of technological development; second, by regulating it, to respect rights and interests that are valuable for a particular country. At the same time, legislative regulation should be based on an understanding of what information technology development is for a particular State, what benefits it can bring to the economy and society of a particular country and to what extent this country can be a part of the ongoing development processes.

Based on this, understanding these three points allows you to create an adequate legislative regulation of information technologies, including the regulation of data circulation. Otherwise, legislation lags behind the development of legal relations and replaces legislation with business usages, contractual practices or, in the case of common law countries, case law.

Turning to the international legislative practice of regulating information processes it should be noted, first of all,that the main sphere of regulation nowadays is the sphere of regulating the circulation of data on the Internet, which is confirmed by the analysis of numerous regulatory legal acts of various states. Almost every state has adopted a law concerning the regulation of virtualized data; in addition, a number of states have adopted other regulations governing the circulation of certain types of data, as well as other forms of activity on the Internet, including cloud services.

However, here it is worth noting the following important fact - the legal “influence” of a normative legal act in this area is no longer determined by its legal force or the body from which it proceeds. The main reason for the development of laws in the field of cloud technologies was, oddly enough, the spread of a particular cloud service outside the country in which it was created, since most of the large cloud providers are residents of the United States or the European Union.

According to the International Directory of Data Confidentiality Legislation [1] or the International Law on Data Protection Guide [3], the only truly international (and at the same time specialized) act regulating data circulation, is Directive of the European Parliament and the Council of the European Union 95/46/EU of 24 October, 1995 “On the protection of individuals in the processing of personal data and on the free circulation of such data”, which has entered into force for the regulation of the circulation and protection of information within the European Union (hereinafter - Directive 1995) [11].

For the European Union, this act has become a key one in information technology issues, directly ensuring the right to data protection - one of the fundamental rights of the individual, according to the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union. Since the entry into force of the Lisbon Treaty in 2009, all the rights listed in the aforementioned acts have direct and full effect. Article 16 contains a provision according to which the European Parliament is obliged to create and implement the rules that will regulate data protection and will oblige the state authorities, the bodies of the European Union and the EU member states to do so.

This gave rise to the Directive 1995, as well as the Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on universal service and users' rights relating to electronic communications networks and services (Universal Service Directive) [12], which regulates the amount of internet traffic, cookies and spam. The Directive 1995 and the Directive on Universal Services are currently the main acts regulating the circulation of virtualized data on the network within the EU. Taking into account the process of Ukraine's European integration, it is possible to adopt the European initiative and try to join the EU cloud network.

The peculiarity of the construction of the US legal system precludes the possibility of regulating information relations by a single legal act. Therefore, some scientists call American legislation on information “sectoral” [16]. This means that data law is made up of a mix of state (federal and state) laws, inferior regulation and self-regulation, rather than simple government intervention.

This legislation does not apply to the entire range of legal relationships in the field of computer information, but to certain sectors and circumstances (e. g. there is the Video Privacy Protection Act of 1988, the Cable Television and Competition Protection Act of 1992, the Fair Credit Reporting Act, and the Liability and Transference Act of 1996, etc.). All of them constitute a system of sources of law on confidentiality and protection of personal information, as well as other digital information. This means that data protection in the United States depends on the nature and content of the information stored on digital media.

Some US legislation obliges data owners to ensure that their service providers are able to maintain the confidentiality of personal information entrusted to them. Consequently, the definition of private information varies depending on the selected law or regulation governing a particular type of information, so only a general legislative framework will be described here.

In the general context of laws, the definition of private information includes the following: a person's name, social security number, driver's license number, or financial account number. In other cases, the definition of private information is much broader. Although most of the current US laws apply only to private digital (electronic, strictly speaking) information, some of them apply to information in any form, including printed form and hand-written records. But two federal legal acts are aimed at acting only in relation to digital service providers: Health Insurance Portability and Accountability Act of 1996 and Gramm- Leach-Bliley Act of 1999 [19; 18]. In addition, there are federal laws that have been drafted to restrict digital service providers with access to personal information. They limit the actions of service providers according to the location of the data.

At the moment, in the United States and in the world, the most significant is the Health Insurance Portability and Accountability Act 1996, also known as Kassebaum - Kennedy Act.

This happened due to the prevalence of services offered by such large providers as Apple, Google, Amazon and others. Almost all of them are located in the United States, and their actions are bound by the Kassebaum - Kennedy Act. The purpose of the Act was to protect the information available in the health insurance database, so that all providers are now divided between those who are bound by the law and those who are not.

However, the regulation of digital information does not consist only of EU and US laws. With the adoption of the Patriot Act establishing transnational jurisdiction and the Snowden scandal, legislation to regulate the storage and protection of digital information began to evolve in many States.

Another reason for this is that, although mega-corporations and market leaders (Apple, Google, IBM, Microsoft) are now the world's leading players in the digital market, Chinese providers are also emerging to compete openly with such market giants, like, for example, Amazon. At the same time, local digital information operators are developing and are popular in a particular State rather than worldwide. Since such services are usually provided within the borders of one country, they require national legislation as a universal regulator.



Conclusion

Cloud computing technologies are now at the forefront of information development in most countries of the world. This is quite logical, because with proper implementation and use of cloud services have a lot of advantages - this is the reduction of the total cost of owning IT infrastructure, the high speed of realization of new services, and the availability of services from any part of the country. More than enough has been written and said about the virtues. The drawbacks, of course, are also there, but the situation in the world is that it is not possible to do without cloud services at all - it is only a question of how widely they will be used.

In view of the above, US and international data protection laws are the main recognized regulators of digital information circulation. However, the only transboundary law in this area is the 1995 Declaration, whose jurisdiction extends to the territory of the European Union. Most of the acts, with the exception of the Declaration and Principles of the Safe Harbor Agreement, were adopted before 2000, when the world's most common virtual digital information repositories - social networks, blogs, cloud repositories, and so on - emerged and became popular.

Unfortunately, the rapid development of this institution has not yet caught up with the legislation of Ukraine. By this time, general contract law was sufficient to regulate the provision of cloud services. However, there is now a clear need to introduce the regulations of this institute for the further development and dissemination of cloud computing technologies.



References

1. Baker Hostetler, International Compendium of Data Privacy Laws. 2015. URL: http://www.bakerlaw.com/files/Uploads/Documents/ Data%20Breach%20documents/International-Compendium-of-Data-Privacy-Laws.pdf

2. BSAGlobalCloud ComputingScorecard 20і8. URL: https://cloudscorecard.bsa.org/2018/pdf/BSA_2018_Global_Cloud_Scorecard.pdf

3. DLA Piper Handbook of Data Protection Laws of the World. DLA Piper Global Privacy. Data Protection Resource. URL: https://www.dlapiperdataprotection.com/#handbook/world-map-section

4. EC Expert Group Report 2010. The future of Cloud Computing: Opportunities For European Cloud Computing Beyond 2010. URL: https://ec.europa.eu/digital-single-market/en/cloud-computing-expert-group-research

5. Федонюк С. В. Хмарні технології в електронному врядуванні. Науковий вісник Волинського національного університету імені Лесі Українки. 2011. № 20. С. 13-19.

6. Гладківська О. В. Вплив хмарних технологій на стан інформаційної безпеки: правовий аспект. Інформація і право. № 3. 2014. C. 92-101.

7. Гнатюк С. Перспективи розвитку ринку хмарних обчислень в Україні: переваги та ризики: аналітична записка. URL: http://www.niss.gov.ua/articles /1191

8. Koehler P., Anandasivam A., Dan M. A. Cloud Services from a Consumer Perspective. Americas Conference on Information Systems. AMCIS 2010 Proceedings. URL: http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1334&context=amcis2010

9. Kroes Neelie. Towards a European Cloud Computing Strategy. URL: http://europa.eu/rapid/pressReleasesAction. do?reference=SPEECH/11/50

10. National Institute of Standards and Technology's (NIST). Final Version of NIST Cloud Computing Definition. URL: http://nvlpubs.nist.gov/ nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

11. On the Protection of Individuals with regard to processing of personal data and on the free movement of such data. Directive of the European Parliament and of the Council of the European Union 95/46/EC 24 October 1995. URL: http://www.consultant.ru/cons/cgi/online. cgi?base=INT;n=49528;req=doc#0 (In Russian).

12. On universal service and users rights with regard to electronic communications networks and services (Universal Service Directive). Directive of the European Parliament and of the Council of the European Union 2002/22/EC 7 March 2002. URL: http://www.consultant.ru/cons/ cgi/online.cgi?req=doc;base=INT;n=50252#0

13. Planned and possible future work. Part IV: Proposal by the Government of Canada: possible future works on electronic commerce - legal issues affecting cloud computing (A/CN.9/823, 2015). URL: https://documents-ddsny.un.org/doc/UNDOC/GEN/ V14/041/30/PDF/V1404130. pdf?OpenElemet

14. Прокопович О. Облачные технологи: понятие, правовое регулирование, зарубежный опыт. Закон и бизнес. 2014. № 18-19. C. 1160-1161.

15. Robinson N. L. Valeri, Cave J., Starkey T. The Cloud: understanding the security, privacy and trust challenges. Santa Monica, CA, USA: RAND Corporation, 2011. 135 p.

16. Schriver R. R. You Cheated, You Lied: The Safe Harbor Agreement and Its Enforcement by the Federal Trade Commission. Fordham L. Rev., 2002, vol. 70, p. 2777-2779.

17. Податковий кодекс України від 2 грудня 2010 року. Офіційний веб-сайт Верховної Ради України. URL: https://zakon.rada.gov.ua/ laws/show/2755-17/conv#n4678

18. The Gramm-Leach-Bliley Act (GLBA) (Financial Services Modernization Act of 1999. Pub. L. 106-102, 113 Stat. 1338, November 12, 1999 (U. S.). URL: https://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf

19. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Pub. L. 104-191, 110 Stat. 1936, August 21, 1996, (U. S.). URL: https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf

20. Державна фіскальна служба України. Індивідуальна податкова консультація від 16.05.2018 № 2183/6/99-99-15-03-02-15/ІПК. URL: https://zakon.rada.gov.ua/rada/show/v2183872-18#Text

21. Про захист інформації в інформаційно-телекомунікаційних системах. Закону України від 05.07.1994. URL: https://zakon.rada.gov.ua/laws/show/80/94-вр#Text

22. Державна фіскальна служба України. Індивідуальна податкова консультація від 09.01.2018 р. № 82/6/99-99-15-02-02-15/ІПК. URL: http://vobu.ua/ukr/documents/item/ipk-dfsu-vid-090118-r-82-6-99-99-15-02-02-15-ipk-shchodo-opodatkuvanniaoperatsii-z-nadannia- nerezydentom-khmarnykh-posluh

23. Vaquero L. M., Rodero-Merino L., Caceres J., Lindner M. A Break in the Clouds: Towards a Cloud Definition. SIGCOMM Computing Community Review, 2009, vol. 39 (1), p. 50-55.

24. Уинклер Дж. Р Облачные вычисления. Вопросы права и требований регулирующих органов. URL: http://technet.microsoft.com/ ru-ru/magazine/hh9 94647.aspx

25. Юдін О. К. Нормативно-правові аспекти використання хмарних технологій. Наукоємні технології. 2014. № 3. C. 303-307.

26. Юдін О. К. Нормативно-правові аспекти використання хмарних технологій. Наукоємні технології. 2014. № 3. C. 303-307.

27. Юдін О. К., Корченко О. Г., Конахович Г Ф. Захист інформації в мережах передачі даних. Київ: Вид-во ТОВ НВП «Інтерсервіс». 2009. 716 с.

Размещено на Allbest.ru