Publication details
Office 365 v. Google Apps: A data protection perspective
| Authors | |
|---|---|
| Year of publication | 2015 |
| Type | Article in Periodical |
| Magazine / Source | Masaryk University Journal of Law and Technology |
| MU Faculty or unit | |
| Citation | |
| Web | Open access časopisu |
| Field | Law sciences |
| Keywords | Data protection; cloud; SaaS; Google Apps; Office 365; data processing agreement; DPA |
| Attached files | |
| Description | This article lists the requirements of European data protection law as regards the contents of a contract between cloud provider and cloud client. Based on these requirements the contracts for the provision of Google Apps for Work and Microsoft Office 365 for small and medium enterprises are evaluated and compared from the data protection perspective. The article also discusses the shortcomings of the current legal framework for data protection with regard to cloud computing, and analyses the possible improvements made by the General Data Protection Regulation. A cloud client usually plays the role of a data controller, while the provider may be a data controller, data processor or may not fall under the scope of data protection law. The relationship between the client and cloud provider, as a data processor, must be governed by a contract stating that the provider is bound by the instructions of the client, and describing the security measures. The contract for Microsoft Office 365 was found to be compliant with data protection law. The contract for Google Apps for Work suffers from several deficiencies that may cause a breach of data protection law. The current data protection framework lacks unification, clarity, scalability and balance regarding liability. With the exception of unification, the General Data Protection Regulation is not expected to bring a substantial improvement if it is adopted using the proposed wording. To cope with the problems arising from the interaction of cloud contracts with current law, cloud clients and providers may use the Cloud Service Level Agreement Standardisation Guidelines. |