In this research work, Perry4Lawand Perry4Law’s Techno Legal Base (PTLB) are discussing about the techno legal regulatory requirements that must be complied with by the cloud computing service providers of India and foreign jurisdictions operating in India.
Cloud computing is a buzz word in the business circles of India. Many cloud computing service providers are over enthusiastic and are ready to grab a pie share of promising cloud computing business of India. Even from the governmental circles positive reports regarding possible use of cloud computing for governmental functions has come. However, not everything is as easy, positive and comfortable as is portrayed by governmental officers or cloud computing service providers.
The bigger question now is whether cloud computing would be successful in Asia in general and India in particular? Techno legal experts have opined against such use of cloud computing in India due to inherent weaknesses of Indian cyber laws, privacy and data protection laws and defective e-governance and ICT policies in India.
Legal and regulatory issues of cloud computing in India are still missing. Even basic level legal norms are missing in India. Naturally, India is not ready for m-governance and cloud computing as on date. There is no cloud computing legal environment in India and cloud computing is a new landmine for privacy in India.
Besides technological and security issues, there are also a variety of other regulatory, compliance and legal issues to consider when moving to the cloud infrastructure in India. Cloud computing stakeholders must realise and accept that regardless of which computing model they use, whether cloud based or otherwise, they need to consider the legal issues, specifically those around any data they might collect, store and process.
For instance, Health Insurance Portability and Accountability Act of 1996 (HIPAA) is one of the most important health related legislations of United States (US). HIPPA ensures health care coverage, privacy protection, electronic information security, and fraud prevention regarding health care related issues. If you are storing health related information on a cloud infrastructure, you are required to comply with concerned laws in this regard.
At present we have no dedicated e-health laws and regulations in India but these laws would be formulated in the near future. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc would be governed by dedicated laws in future.
Similarly, online sales of prescribed medicines in India is still unregulated and illegal and unregulated online sales of prescribed medicines in India is happening right under the nose of Indian government. Electronic trading of medical drugs in India and HIPAA compliances in India would raise further cloud computing regulation issues in India.
The Information Technology (Intermediaries Guidelines) Rules 2011 of India has prescribed cyber law due diligence requirements in India. The cyber laws due diligence requirements for companies in India are strenuous in nature and Internet intermediaries in India need to take care of the same to avoid legal troubles. In particular, online payment platforms, online travel agencies, Internet service providers ISPs), banks, foreign websites, cloud service providers, etc are vulnerable to legal actions if they fail to observe cyber due diligence in India.
Even appropriate legal actions against foreign websites can be taken in India. Further, cyber litigations against such foreign websites would increase in Indiain the near future. It is of utmost importance for these foreign cloud computing companies and websites to follow Indian laws in true letter and spirit.
In many cases the concerned CFO and CEO may be jointly or/and severably prosecuted for violation of Indian laws. Indian laws require designation of a specific person to manage and comply with Indian laws and a failure to do so may result in prosecution of concerned CFO and CEO.
Perry4Law and PTLB hope this research work would prove useful to all cloud computing solution providers of India and abroad and they would comply with the requirements of various laws as mentioned in this research work.