EurActiv Logo
EU news & policy debates
- across languages -
Click here for EU news »
EurActiv.com Network

BROWSE ALL SECTIONS

Overbearing data protection rules threaten cloud computing

[fr]
Printer-friendly version
Send by email
-A +A
Published 22 July 2013, updated 23 July 2013
1 comment
Tags
cloud computing cloud strategy data protection regulation

A policy debate is raging in Europe over cloud computing and those who want to bind the cloud in over-prescriptive regulation threaten to prevent the benefits of the new technology being felt, argues Thomas Boué.

Thomas Boué is director of government relations for Europe, the Middle East and Africa at the Business Software Alliance, a trade association.

A quiet battle of wills has broken out among European policymakers who are pushing competing visions for how to capitalise on the most significant wave of innovation now underway in information technology: cloud computing.

All agree that by creating a new, more efficient architecture for computing, the cloud offers vast economic benefits. It lets enterprises avoid the cost of buying and maintaining some of the IT hardware and software they need to run their operations. Instead, they can have their computing resources delivered over the internet, as infinitely scalable services. For established companies, this creates cost savings that can be reinvested in the core business. For smaller start-ups, it represents one less obstacle on the path to growth.

But while some rightly see the cloud as an opportunity to accelerate commerce and expand global trade in digital services, others harbour more protectionist urges, focused on creating a European fiefdom in the cloud at the expense of global scale.

Europe’s data protection rules lie at the heart of the cloud computing proposition. The path European policymakers take will determine the extent to which Europe’s citizens and industries can take advantage of the global economic potential of the cloud. MEP Pilar Del Castillo (Spain; European People’s Party), in her report on the Commission’s cloud strategy, “Unleashing the Potential of Cloud Computing,” rightly points out that the biggest growth opportunities for European firms are likely to reside outside the EU.

Such global growth is contingent on a policy environment in which European enterprises can leverage digital technologies to do business wherever they find a market, and customers have access to the best technologies the world has to offer.

To that end, the draft General Data Protection Regulation must strike a better balance between privacy protections – which are unquestionably essential – and enabling digital technologies. One practical improvement to the Commission’s draft text would be to recognise context and risk in the definition of personal data. Different types of data, and different uses of data, carry different levels of risk and sensitivity. A context- and risk-based approach would ensure strong privacy protections are in place for truly sensitive user data, while making it easier for SMEs and businesses of all types and sizes to reap the benefits of innovative, data-enabled technologies by allowing data to flow through the global cloud – seamlessly and efficiently.

A global survey conducted by BSA earlier this year, benchmarking year-on-year changes in cloud-related laws and regulations in 24 countries around the world, found that many of Europe’s largest IT economies are falling behind other global markets in implementing cloud-friendly policies. Of the EU countries studied in the survey:

  • Germany was knocked into fourth place as the US rose to third in the rankings;
  • France and the UK dropped one place each to sixth and seventh respectively;
  • Italy dropped four places to 10th in the rankings, while Spain slipped two places to 11th; and
  • Poland slid one place to 12th.

Other countries, on the other hand, have lifted their games. Japan, Australia and the US top the global markets, and Singapore vaulted into the top five this year from 10th in the rankings in 2012.

There are lessons to be learned from these countries - about privacy and security laws that balance user protections and innovation; about encouraging investments in cloud research and development through modern intellectual property regimes; and about removing barriers to free trade so that cloud services can operate across national borders.

Policymakers must steer away from highly prescriptive, Europe-centric rules that could ultimately sideline the EU from the global cloud market. Any short-term benefits that might come from keeping the cloud within European borders could be easily overshadowed by the opportunity costs associated with losing access to foreign markets, should those countries follow suit with protectionist barriers of their own.

The cloud is a major economic opportunity, but to capture its full benefit policymakers must navigate in the same direction. A cohesive global marketplace will offer more value than the sum of its parts.

COMMENTS

  • Watch this US Congressional hearing from 2012 to see what BSA really thinks about EU privacy rights http://t.co/eq2sq2dfHD

    *) "the cloud offers vast economic benefits" - the Cloud offers savings on processing data on-premise. These are not worth the candle of sacrificing Europe's future data sovereignty, especially since most of the benefits are achievable without letting EU data outside EU jurisdiction - however that may exclude many BSA members

    *) "smaller start-ups, it represents one less obstacle on the path to growth" - modulo the risk of undetectable, unprovable, industrial espionage by any states which can see the data

    *) "a European fiefdom in the cloud at the expense of global scale" - the only significant benefit of "global scale" is global surveillance capability by those who control Cloud infrastructure

    *) "the biggest growth opportunities for European firms are likely to reside outside the EU" - misleading. EU protection of Cloud data and recognition privacy rights are universal will attract Cloud business to Europe, except from countries that don't respect universal rights or privacy rights of foreigners (and that mainly means the US under FISA 702).

    *) "strike a better balance between privacy protections – which are unquestionably essential" - empty weasel words

    *) "context and risk in the definition of personal data" - what "context and risk" applies to the all the metadata of US international and domestic phone calls? According to US law, these have no expectation of privacy whatsoever

    *) "A global survey conducted by BSA...found that many of Europe’s largest IT economies are falling behind" - a global survey by Vampiric Industries found that Europeans are falling behind in the global blood-sharing market by not exposing bare throats when the fall asleep..

    *) "could ultimately sideline the EU from the global cloud market" - what terrifies BSA is that the EU might decide to develop an industrial policy for indigenous Cloud computing - an EU Airbus to compete with the Boeing of Microsoft/Google etc. That is absolutely what EU should do, and the only policy that can truly protect EU data from spying by foreign intelligence agencies.

    By :
    Caspar Bowden
    - Posted on :
    24/07/2013

EurActiv reserves its right to remove comments regarded as offensive, racist, or homophobic as well as hate-speech in general. Spamming or posts with an obvious commercial character will be removed as well. Thank you for your understanding.

More on this topic

News

Brussels sees gold lining to cloud computingMusic rocks cloud computing debateCloud computing needs kick-start in Europe: Study

LinksDossier

Cloud computing: Leveraging the digital economy

Opinion

Companies must reap benefits of new EU data protection rules

Advertising

Sponsors

Videos

InfoSociety News

Euractiv Sidebar Video Player for use in section aware blocks.

InfoSociety Promoted

Euractiv Sidebar Video Player for use in section aware blocks.

Advertising

Advertising