Académique Documents
Professionnel Documents
Culture Documents
juridiquement dangereux ?
conclusion
nayez pas peur !
jean-paul 2
3 points dintro
dfinition
wikileaks
exemple
0.1 - dfinition
est-ce si
nouveau ?
buzz
ASP
outsourcing
bien ou pas?
accs
an emerging architecture by which
data and applications reside in cyber
space, allowing users to access
them through any web connected
device.
(John B. Horrigan) (2008)
responsabilit
Cloud computing refers to a variety of
technologies that transfer the
responsibility for a computing activity
(such as storage or processing) from a
local computer to a network of remote
computers over the Internet. The remote
computers are generally operated by a
third-party cloud service provider.
James Kosa (2010)
contrle
logiciel
3 modles
plateforme
Saas
infrastructure
Paas
Iaas
0.2 - exemple
(03 septembre)
(20 septembre)
0.3 wikileaks
perspective politique
perspective constitutionnelle
perspective en gestion documentaire
perspective juridique
balance entre
scurit
nationale
libert
d'information
Stefana
Broadbent
efficacit /
accs
scurit
responsabilit?
contrat ?
contrat
ovh
responsabilit
6 grandes
proccupations
1. gestion documentaire
ex.1
Loi concernant le cadre juridique des technologies de
linformation (Quebec) (2001)
pause publicitaire
www.lccjti.ca
ex.2
Personal Information Protection and Electronic
Documents Act, S.C. 2000, c. 5
4.7 Principle 7 Safeguards
Personal information shall be protected by security safeguards appropriate
to the sensitivity of the information.
4.7.3
The methods of protection should include
(a) physical measures, for example, locked filing cabinets and restricted
access to offices;
(b) organizational measures, for example, security clearances and limiting
access on a need-to-know basis; and
(c) technological measures, for example, the use of passwords and
encryption.
4.7.4
Organizations shall make their employees aware of the importance of
maintaining the confidentiality of personal information.
la gestion documentaire
est diffrente celle du papier
fonctions
documentaires
oprations
solutions
administratives
1 document
lui -mme
2
documentation
copie
transfert
1.1 fonctions
documentaires
Confidentialit
Integrit
Disponibilit
exemples de documents
document de lavocat dans le cadre de la
relation avec son client
confidentiel
intgrit
disponibilit
exemples de solutions
solution techniques sont disponibles
(telles que le chiffrement) (pas le point le +
important)
toujours une balance entre confort vs scurit
toujours une balance entre $$$$$ vs scurit
1.2 oprations
documentaires
transfert
garde
destruction
conservation
transmission
garde
26.Quiconque confie un document technologique un prestataire
de services pour qu'il en assure la garde est, au pralable, tenu
d'informer le prestataire quant la protection que requiert
le document en ce qui a trait la confidentialit de l'information
et quant aux personnes qui sont habilites en prendre
connaissance.
Le prestataire de services est tenu, durant la priode o il a la
garde du document, de voir ce que les moyens technologiques
convenus soient mis en place pour en assurer la scurit, en
prserver l'intgrit et, le cas chant, en protger la
confidentialit et en interdire l'accs toute personne qui n'est
pas habilite en prendre connaissance. Il doit de mme assurer
le respect de toute autre obligation prvue par la loi relativement
la conservation du document.
processus de scurit
processus de scurit
categorisation de linformation QUOI
Approche pluridisciplinaire
COMMENT
Identification de la personne
responsable du processus QUI
lieu des serveurs O
processus work in progress
ex. 1
ex. 2
2. contrat
principales diffrences
gnral
free
7 pages
Several documents
by reference (as
privacy policy,
copyright,
complaint, etc.)
contract may be
changed by
Amazon with no
specific notice
$$$$ / free
23 pages
several documents
by reference (as
privacy policy)
contract may be
changed by
Amazon with no
specific notice
responsabilit
droit applicable
state of California
(art. 19)
state of
Washington (art.
14)
scurit
You agree that Google
has no responsibility
or liability for the
deletion or failure to
store any Content and
other communications
maintained or
transmitted by Google
services.
no mention
7.2. Security. We
strive to keep Your
Content secure, but
cannot guarantee
that we will be
successful at doing
so, given the nature
of the Internet.
Accordingly, without
limitation to Section 4.3
above and Section 11.5
below, you acknowledge
that you bear sole
responsibility for
proprit
Googles rights
Software
Marks
Advertisement
information
Your rights
Non-exclusive right
and license to use
the object code of
its sofware
Data
Amazon properties:
Software
Marks
Platform
feedback
customer
properties
License
Data
Some applications
permission
2 APPROPRIATE CONDUCT
You understand that all
information, data, text, software,
music, sound, photographs,
graphics, video, messages or
other materials ("Content") are
the sole responsibility of the
person from which such Content
originated. Google reserves the
right, but shall have no obligation,
to pre-screen, flag, filter, refuse,
modify or move any Content
available via Google services. You
understand that by using Google
services you may be exposed to
Content that is offensive, indecent
or objectionable, and that you use
Google services at your own risk.
For some services, Google
provides tools to filter out adult
data location
no information in
contract but
for sure there
are some server
farms in US
no information in
contract but
for sure there
are some server
farms in US
PATRIOT Act
Providing Appropriate Tools Required
to Intercept and Obstruct Terrorism
(2001)
enhance American authorities control
ability
lack of transparency about the law
application
Q1
Q2
protection quivalente ?
B.-C.
3.
et + largement en Europe
25(1). The Member States shall provide that
the transfer to a third country of
personal data which are undergoing
processing or are intended for processing
after transfer may take place only if, without
prejudice to compliance with the national
provisions adopted pursuant to the other
provisions of this Directive, the third country
in question ensures an adequate level
of protection.
European directive (1995)
rsiliation
ou may discontinue your
use of Google services
at any time. You agree
that Google may at
any time and for any
reason, including a
period of account
inactivity, terminate
your access to Google
services, terminate the
Terms, or suspend or
terminate your account.
In the event of
termination, your
account will be disabled
Immediatly (for
Amazon) in some
cases (hacking,
inappropriate
content, etc.)
5 or 15 days (after
a notice) (for
Amazon) in other
cases (as payment
problem)
3. responsabilit
bruce schneier
pas de responsabilit
pas de scurit
2 sortes de prestataires
1 simple
hbergeur
2
garde
responsabilit
ISP (Internet Services Provider) (Hosting
services)
Definition.
General exemption Regime
76
ex.
affaires eBay
avril 2008 en France = Hermes v. eBay
(lire Manara )
pas un diteur
pas un hbergeur
au milieu = responsabilit de lhbergeur
renforce
78
responsabilit
custody services
79
4. prp
vie prive =
attentes
Winston Churchill
des
du prestataire
de lutilisateur
institutions
lui-mme
lui-mme
publiques
privacy
obligation d'information
26.Quiconque confie un document technologique un prestataire de
services pour qu'il en assure la garde est, au pralable, tenu
d'informer le prestataire quant la protection que requiert le
document en ce qui a trait la confidentialit de l'information et quant
aux personnes qui sont habilites en prendre connaissance.
Le prestataire de services est tenu, durant la priode o il a la garde du
document, de voir ce que les moyens technologiques convenus
soient mis en place pour en assurer la scurit, en prserver l'intgrit
et, le cas chant, en protger la confidentialit et en interdire l'accs
toute personne qui n'est pas habilite en prendre connaissance. Il
doit de mme assurer le respect de toute autre obligation prvue par la
loi relativement la conservation du document.
(garde au Qc)
catgorisation de
linformation
catgorisation de
linformation
5. droit international
premire tape
lire le contrat
toujours prsent
toujours la loi du prestataire (moins cher)
toujours la cour prestataire (moins cher)
arbitrage peut tre une bonne solution
seconde tape
si rien dans le contrat
chercher ensuite le droit applicable
3112 CCQ et le lien de connexit
le plus troit.
troisime tape
6. proprit
mais
conclusion
pas si nouveau
lire le contrat
rdiger des documentation pour montrer
la diligence (peut aller jusqu des audits)
identifier la personne en charge des
donnes mises en cloud
comprendre que le cloud est un processus
work-in-progress
etc.
6
Enjeux juridiques de linfonuagique
professeur titulaire
directeur du CRDP
facult de droit
universit de montral
chaire Wilson
www.gautrais.com