Photo credit: very. fast. internet. Connection by ChrisDag
Gartner and IDC predict a creation of 14 million jobs related to the cloud by 2015 with $1.1 trillion of USD per year in revenue. While these firms have a different vision for the location of those jobs, the overall number is a good omen for these difficult times.
Mexico is the most equipped country for cloud services in Latin America, and 14th of the world, according to the BSA. Together with a growing automotive/aerospace industry, the cloud market will have a boom in the near future.
Beyond the general key points of any type of services through the internet, cloud services have some topics that require specific legal attention:
1. Trademarks, Copyrights and Patents. Mexico, as many countries, has a very broad legal framework and has executed international treaties for protecting trademarks, copyrights and patents. However, in terms of enforcement of that property, some problems may appear in reference to those properties, especially when the internet is in the middle. For example, Mexico does not accept software patents and has no remedies fast enough for the internet era. Whether providing storage in Mexico or abroad, a possible problem would be conflict of distribution rights for digital assets, since characterization as “sale” or “rent” may lead to severe legal problems. In addition the approval of the Madrid Protocol accepting the international trademarks, as well as the ongoing debates at the congress on SOPA-like laws, may put some limits on all online interactions.
2.Telecom Regulation. Some cloud services may require registration as value added service (VAS). As a consequence, a registration filing has to be presented. In the near future, regulation may change. The Mexican Government is trying to catch up with the IT future with its Digital Agenda (issued on April 2011) setting actions for increasing the use of cloud-based apps and infrastructure in automotive, aerospace, electronics and medical devices. Federal Telecommunications Commission (COFETEL) reserved $1M USD of its 2012 budget for a report on public policy for the cloud services.
3.Data Protection and Security. Personal Data Protection Law, and other specific rules for information in possession of qualified third parties, like banks, Notary Publics, trade secrets and other similar cases, determines privacy in Mexico. There are no rules for security requirements, except in banking services and those do not refer to cloud services yet. A lack of data protection law (except personal data) or general privacy law, as known in other countries, puts at risk providers and clients of cloud services. Therefore, data protection and privacy rules for services have to be specifically and clearly set forth in the cloud services agreement, transferring such obligations to employees working for cloud service providers.
4.Damages.As a general rule, damages in Mexican Law only cover actual damages and loss of profit. No other type of damages can be collected. Another problem associated to damages is to fix value on digital assets in case of theft or loss. Conventional penalties may play a better role in covering damages, but they need to be agreed by contract with a statutory limit up of the amount of consideration paid in the agreement.
5.Export Incentives.Mexican companies providing services to companies located abroad, are eligible for export incentive program IMMEX. This program allow such companies to import equipment without paying 16% VAT and other import duties, as well as not charging such VAT when selling, along with other benefits.
6.Jurisdiction and Cross-border transactions.Cloud services use resources when needed, where needed, for the required volume. Similarly, cloud services are architected for redundancy. So, jurisdiction plays a key role for cloud services. Typically, copies of data exist simultaneously in different data centers, sometimes located in different countries, and data is typically transferred from one data center to another, usually in connection with shifting workloads, without the knowledge of the customer. For lawyers, change of jurisdiction is a change of the rules of the game. Thus, if you are a cloud services customer based in Mexico, does your data leave Mexico and if so, to where, and what levels of protection, in terms of privacy, extra-judicial access to your data, and intellectual property rights should you expect in those jurisdictions? Conversely, if you are a customer not based in Mexico, is your data transferred to data centers located in Mexico, and similarly, what level of protection should you reasonably expect under local law. If you are contracting with a U.S.-based cloud services provider, if the data center is located in Mexico, bear in mind that such provider will need to comply with both local laws and U.S. laws. Accordingly, contractually obligating the cloud services provider not to transfer data from Mexico may clear up a number of issues, but as intimated above, the analysis does not stop there. The next ITU World Conference to be held in Dubai next December 2012 may answer some questions on internet governance and define some rules about jurisdiction.
Meanwhile, if you believe not to be ready for taking some rain from the cloud business in Mexico, maybe it is time to start asking the right questions to the right people.