The Federal Trade Commission staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competition, and potential security risks.
In a Request for Information, FTC staff are seeking information about the competitive dynamics of cloud computing, the extent to which certain segments of the economy are reliant on cloud service providers, and the security risks associated with the industry’s business practices. In addition to the potential impact on competition and data security, FTC staff are also interested in the impact of cloud computing on specific industries including healthcare, finance, transportation, e-commerce, and defense.
“Large parts of the economy now rely on cloud computing services for a range of services,” said Stephanie T. Nguyen, the FTC’s Chief Technology Officer. “The RFI is aimed at better understanding the impact of this reliance, the broader competitive dynamics in cloud computing, and potential security risks in the use of cloud.”
Cloud computing, which is used by a wide range of industries for on-demand access to data storage, servers, networks, and more, is increasingly central to many areas of the economy. The agency has brought several cases against companies that failed to implement basic security safeguards to protect data they stored on third-party cloud computing services including recent cases involving the alcohol delivery platform Drizly and education technology provider Chegg. The FTC has also issued guidance to businesses on steps they can take to secure and protect data stored in the cloud. The RFI will allow the agency to gather more information and insights on cloud computing as a whole.
Among the topics the FTC is seeking comment on include:
- the extent to which particular segments of the economy are reliant on a small handful of cloud service providers;
- the ability of cloud customers to negotiate their contracts with cloud providers or are experiencing take-it-or-leave it standard contracts;
- incentives providers offer customers to obtain more of their cloud services from a single provider;
- the extent to which cloud providers compete on their ability to provide secure storage for customer data;
- the types of products or services cloud providers offer based on, dependent on, or related to artificial intelligence; and the extent to which those products or services are proprietary or provider agnostic; and
- the extent to which cloud providers identify and notify their customers of security risks related to security design, implementation, or configuration.
The public will have until May 22, 2023 to submit a comment. Comments will be posted to Regulations.gov after they are submitted.
Staff from across the FTC’s Office of Technology, Bureau of Competition, and Bureau of Consumer Protection are collaborating on this effort.