by Gordon Hull
Cloud computing – where users keep their data (and often their applications) online - poses significant theoretical and regulatory problems. Many of these concern jurisdiction: it’s very hard to even know at a given moment where data is kept, and it’s often unclear (in the case of privacy, for example), which jurisdiction’s privacy and data protection rules should apply (the one for the data subject? the company that collected the data? the companies processing it? etc.). Not only that, U.S. and EU law are wildly inconsistent on the point, even though any large big data company has to serve multiple jurisdictions.
A recent piece by Paul M. Schwartz does some valuable work disentangling these issues; here, I want to focus on one moment. Schwartz notes that cloud computing will likely induce significant changes in how firms are structured, and how they structure their data handling. Back in 1937, Ronald Coase proposed that companies will decide between doing something in house and outsourcing it based on a comparison of the costs of each. If it’s more efficient to do something in-house, using the hierarchical control structure of the firm and avoiding the complexities of dealing with markets, that’s what we can expect. If, on the other hand, it turns out that it’s more efficient to hire somebody else to do the job, we can expect companies to do that. Companies have to balance the difficulties of managing a project in-house versus the costs of negotiating contracts with independent vendors.