‘It’s a jungle out there’?: Cloud computing, standards and the law
Standards are a feature of all information and communication technology markets, including cloud computing. This article examines various strands of standards development in the cloud market, in respect of technical, informational and evaluative matters. It considers the concern expressed by the European Commission in 2012 that there was a ‘jungle of standards’ posing a potential barrier to cloud innovation and take-up, which was subsequently shown to be a misrepresentation of the current situation. The different policy objectives of standards-making are considered, specifically interoperability, data portability, data protection and data security. Current standards initiatives are outlined, focusing particularly in the area of evaluative standards, where cloud users are looking for assurances that their data is being processed in a secure and legally compliant manner. Recent work carried out by Commission-led expert groups in the areas of service level agreements and data protection; as well as international initiatives within the ISO/IEC are outlined. The interaction between standards and the law are analysed, from both a public and private law perspective. The article concludes that technical standards for cloud are progressing in a satisfactory manner; while it is in the area of evaluative standards that the greatest challenges lie, especially where the underlying legal framework is undergoing reform.