Cloud storages and its legal regulation in Czech Republic

Cloud storages and its legal regulation in Czech Republic

Cloud storage is becoming more and more exploited in Czech Republic, especially for financial convenience, usually better data security stored in cloud storage than security that the user can afford on their own servers and of course for the convenience for the user himself. Despite these undisputed benefits, cloud storage is being criticized increasingly. The expansion of cloud storages for wide population was even one of the reasons for adoption of the regulation of EU - The General Data Protection Regulation (“GDPR”), which first reflected coookies, IP addresses or e-mail addresses as part of a demonstrative enumeration of what can be considered as personal data. By using cloud storage, the user will lose his sole control not only over the technical methods of saving and protecting his data, but also over the data themselves.

The user and the provider of the cloud storages in Czech Republic usually enter into an one-sided contract in favor of the provider, in which the provider often limits its liability for damage or other harm caused to users. Such one-sided contracts often give the provider right to dispose of the intellectual property contained in the stored data, or to even issue it to a third party, such provisions on cloud storage contracts are more and more common. The validity of such provisions may be disputed, but users, given the nature of the contract, are not in a position to change them and still conclude the contract.

A typical one-sided contract is the contract, where the weaker contracting party does not have a real possibility to change the contractual terms and provisions, is in Czech Republic regulated in the provisions of § 1798 et seq. of the Civil Code. The Czech Civil Code contains a rebuttable legal presumption that in case the contract is concluded through a form (sample form contracts), it is considered to be an one-sided contract.

Every cloud storage must have its servers, existing somewhere in the real world. Every real, physical object can be destroyed (whether by the act of vis major, or by another person). In this case, the provider of such storage shall be held liable to all users he is in a contractual relationship with. But such servers might be also distrained upon the provider, for example because of a bankruptcy. In such cases, the users might lose their data completely, and get no compensation at all.

Recent years have shown that more and more companies in Europe are storing and managing their data through cloud providers (41% of all European companies, according to data from 2017). Since the GDPR became effective, this absolute number is rising, as there is a mistaken belief within the company executives, that by using the cloud services the liability of the personal data controller (person obliged to protect and control personal data he/she controls) is retracted. Although it’s the truth, that cloud service providers must ensure that they provide their services in accordance with the GDPR regulation, but that does not release the personal data controller from the obligation to choose the safe cloud service provider, to assure the level of data protection of that provider is sufficient, and to conclude a service contract that shall protect personal data stored on the cloud storage under the GDPR regulation.

As a response to the above-mentioned situation, a coalition of cloud services companies and cloud service providers, working under the name CISPE, was established across European countries. Any cloud service provider that meets the terms of the so-called “CISPE Code” may join this coalition. Services that meet the criteria of CISPE Code are safely in compliance with the GDPR regulation, and its providers can use the “Trust Mark” - a brand of CISPE, that ensures safety of services provided. Cloud companies and providers fulfilling these criteria are published on the CISPE website.

 

For more information please contact us:

JUDr. Mojmír Ježek, Ph.D.

ECOVIS ježek, advokátní kancelář s.r.o.
Betlémské nám. 6
110 00 Prague 1
e-mail: mojmir.jezek@ecovislegal.cz
www.ecovislegal.cz/en

About ECOVIS ježek advokátní kancelář s.r.o.
The Czech law office in Prague ECOVIS ježek practices mainly in the area of Czech commercial law, Czech real estate law, representation at Czech courts, administrative bodies and arbitration courts, as well as Czech finance and banking law, and provides full-fledged advice in all areas, making it a suitable alternative for clients of international law offices. The international dimension of the Czech legal services provided is ensured through past experience and through co-operation with leading legal offices in most European countries, the US, and other jurisdictions. The Czech lawyers of the ECOVIS ježek team have many years of experience from leading international law offices and tax companies, in providing legal advice to multinational corporations, large Czech companies, but also to medium-sized companies and individual clients. For more information, go to www.ecovislegal.cz/en.

The information contained on this website is a legal advertisement. Do not consider anything on this website as legal advice and nothing on this website is an advocate-client relationship. Before discussing anything about what you read on these pages, arrange a legal consultation with us. Past results are not a guarantee of future results, and previous results do not indicate or predict future results. Each case is different and must be judged according to its own circumstances.

Comments are closed.