Category Archives: Cloud Computing Laws In India

Is Cloud Computing A Viable Solution In India?

Cloud computing has been projected as an essential requirement in India these days. However, this assertion fails to mention that cloud computing in India is legally risky. The rush for use of cloud computing in India has also ignored the analysis whether cloud computing is a viable solution in India or not.

Cloud computing to be viable and sustainable must be supported by many elements including a sound regulatory framework for the same. Till now we have no dedicated regulatory framework for cloud computing in India. In fact, we have no legal framework for cloud computing in India at all.

As per the recent research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. This conclusion of Perry4Law and PTLB has been endorsed by other companies and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.

Absence of an effective cloud computing policy of India is responsible for limited utilisation of cloud computing in India. However, legal issues of cloud computing in India are the main reason for cautious adoption of cloud computing in India.

Further, India is a country that has weak privacy, data protection and data security laws. India is also infamous for its e-surveillance and eavesdropping exercises without any constitutional laws backing the same. Phone tapping in India is not done in a strictly constitutional manner and we also lack a lawful interception law in India.

With the information technology amendment act, 2008 (IT Act 2008), the cyber law of India has been amended and this has also made it vulnerable to constitutionality attacks. With projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), central monitoring system (CMS), etc e-surveillance in India has reached its zenith.

In this background we have to analyse the use of cloud computing in India. Cloud computing in India cannot succeed till we have trust in the service provider. We cannot trust a service provider who can be forced to disclose even the most sensitive information and data without a court order.

In India a mere order from the Indian government or its agencies is enough for the service provider to share sensitive information. There is no judicial scrutiny of a warrant that is absolutely required in these circumstances. So you cannot be even sure what government agencies are looking at and what information they are taking from the service provider.

Any business model must essentially balance profit motives and risks associated with the business. Similarly, the users of cloud computing services must ensure that the convenience of software as a service (SASS) and cloud computing is much greater than the risks of data leakages and manipulations.

Till now the legal opinion is weighting against the use of cloud computing and SAAS in governmental departments and for governmental projects. Without a conducive legal framework, user’s data in India is not safe. Let us create a conducive commercial and legal environment before we jump upon cloud computing wagon.

Legal And Regulatory Issues Of Cloud Computing In India

Use of cloud computing in India is still not very liberal. There are many policy and law related issues that are responsible for slow growth and adoption of cloud computing in India. Absence of an effective cloud computing policy of India is responsible for limited utilisation of cloud computing in India. However, legal issues of cloud computing in India are the main reason for cautious adoption of cloud computing in India.

We have no dedicated regulatory framework for cloud computing in India. In fact, we have no legal framework for cloud computing in India at all. Even as per the research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. This conclusion of Perry4Law and PTLB has been endorsed by other companies and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.

In short, cloud computing in India is still not trusted. The primary reasons for this situation is absence of legal framework for cloud computing in India, missing privacy laws, absence of data protection laws in India, inadequate data security in India, etc.

Even the cloud computing due diligence in India is missing and companies and individuals are using the same in great disregard of the various laws of India. Cloud computing service providers in India are required to follow cyber law due diligence in India. The cyber law due diligence for Indian companies is now well established but cloud computing and e-commerce service providers are not taking it seriously.

We believe that India must not use software as a service (SaaS), cloud computing, m-governance, etc till proper legal frameworks and procedural safeguards are at place. This has also been accepted by the CIOs community and it is now for the Indian government to do the needful. Similarly, cloud computing security in India is also required to be strengthened. As on date, use of cloud computing in India is not a viable solution as we are ignoring legal and security concerns. Cloud computing in India must be techno legal in nature and till it meets the techno legal requirements, it should not be used in India.

Besides regulatory framework for cloud computing in India we must also ensure high availability levels, appropriate data erasing mechanisms, data privacy at the service provider’s level, export restrictions upon data, data handling monitoring mechanisms, jurisdictional issues, cloud computing security issues, licensing issues for cloud computing, etc.

Privacy violations, data breaches, data thefts, cyber crimes, etc would definitely arise in cases of use of cloud computing in India. Even if a company or individual offers cloud computing services in India, it/he has to comply with many legal provisions and cyber due diligence requirements. The information technology act 2000 (IT Act 2000) has prescribed due diligence requirements for various business organisations and stakeholders. These due diligence requirements equally apply to cloud computing service providers in India.

These due diligence requirements are very stringent and cloud computing providers can find themselves in legal hassles if they ignore the same. Managing sensitive and personal data and information in India is no more a causal approach but it has become very stringent.

With the proposal to codify law of torts in India, more and more civil proceeding for violation of privacy rights may be initiated against the cloud computing service providers. It would be a wise option to establish best practices and cloud computing policy by all stakeholders in their own larger interests.

Legal Issues Of Cloud Computing In India

Cloud computing is a process in which essential hardware and software based services are provided by a third party with no requirement to install such hardware and software by the service seeker. In other words, computational powers, hardware upgrades and latest software are provided on rent in an online environment where individuals and organisations can use the same.Cloud computing is basically