Cloud adoption hampered by cow data protection?


This article is part of our special report Data protection.

The divergent application of data protection laws in the EU, one of which includes the protection of livestock, is one of the many obstacles the European Commission faces as it tries to boost cross-border cloud adoption.

"The major problem for cloud is the different implementation of the Data Protection Directive in different member states," a Commission source said.

The European Commission is currently rewriting rules on data protection and data retention to try and get countries' varying laws closer together, the source said. The current directive will be morphed into a regulation which will be directly enforceable on member states.

An industry consultation earlier this year mirrored the official's concerns.

"Online service providers now routinely handle the data of citizens from multiple member states, and often process personal data in multiple markets in and outside the EU," Microsoft recently outlined in a Commission consultation on cloud computing.

"In doing so, they often find themselves subject to different, confusing, and sometimes conflicting national rules," the company stressed.

Under the most extreme examples, personal data is not even allowed to leave the territory, negating any benefits of cloud services which rely on a ubiquitous service.

Greece's implementation of the Data Protection Directive has muddled providers that are not sure whether they can or cannot transfer data outside Greek territory.

An assessment from the European Commission last year dubbed the Greek law "a restriction affecting the free flow of personal data between the EU member states."

In addition, the country's implementation of the Data Retention Directive includes a requirement that data and servers are located inside national borders.

Cow medical records

Luxembourg's law recently presented a Dutch entrepreneur with an unusual obstacle. Remi Caron was working on a project that would require the transfer of cow medical records outside the country, something which he learned was not possible under the country's broad reading of the Data Protection Directive.

The European Commission insists, however, that its laws are written for "natural persons."

Under Finnish and Swedish law on public entities, there are security restrictions preventing the provision and use of cloud services, according to law firm Bird & Bird.

The firm which routinely handles cloud cases also laments the many different definitions of data controller and data processor in different EU countries' interpretations of the directive.

France, Germany stop the cloud at borders

In France, a draft law threatens to hamper cloud services. In June, French authorities suggested that cloud computing operations located outside the EU would be barred from processing sensitive data.

In Germany, a country with a delicate history of data surveillance, some data protection authorities argue that the storage of personal data outside Germany is unlawful.

The data protection authority of Schleswig-Holstein, Germany's northernmost province, recently said that many transfers of personal data in connection with cloud computing would not satisfy requirements under national data privacy laws.

The European Commission says it plans to eliminate any doubt companies may have on data transfers to other member states and to third countries.

The review will also reform the powers of data protection regulators, some of which, like the Czech authority, are prevented from handing out fines.

The term 'cloud computing' describes a whole range of infrastructure, software, data or applications residing in the 'cloud' – that is to say, off your own premises and accessed via the Internet.

A study carried out by the University of Milan, published in 2010, estimated that cloud computing has the potential to create 1.5 million new jobs in Europe over the next five years.

While businesses and governments tout the benefits of cloud computing, EU regulators have been more wary, as further use of cloud systems would mean a large swathe of public and commercial data would migrate to servers possibly located outside the EU.


Subscribe to our newsletters