I read this article about someone suing Apple because Apple did not disclose that Apple might store iCloud data with Amazon or Google and they were somehow harmed because they paid Apple a premium for iCould storage under something akin to false pretenses. Well it’s time to set the record straight kiddies.
The data industry and all legal people involved with it need to adjust to this simple fact: If a company encrypts your data and then processes your data using someone else’s hardware, the company is the ONLY entity involved with your data.
Every year since 2007 I have regularly negotiated dozens of agreements with data privacy and commercial attorneys at very large companies to process the personal data of some of the most powerful and famous people in the world. Very often the “other side” is operating under the false impression that vendors will protect their data against all loss and that vendors will compensate the customers for all of their losses if the data is lost/corrupted/breached/etc. This appears to be the same impression the general population, and more specifically, the litigants in this Apple iCloud suit, are operating under.
These people are all simply wrong. Apple is doing this correctly and I applaud them for setting the proper standard in the industry. The amount of time, energy, and money spent every year trying to improperly* hold companies accountable for their sub-processors’ activity is literally incalculable. The industry needs to adjust and move on to more productive uses of their resources.
Enjoy the mini legal lesson below.
* It is ALWAYS proper to hold a company responsible for their sub-processors’ activity if the company does not encrypt the data being processed by a sub-processor. That situation is Something Different.