This article is part of our special report Data protection.
New EU data protection rules could threaten growth in the high-tech cloud computing sector in Europe, says a report published yesterday (22 February) by a leading industry group.
However, it also finds that existing legislation across Europe is better-suited to support the expansion of cloud than many emerging economies including China and India.
The report ranks 24 countries by their "cloud-friendliness" depending on factors including data protection, cybersecurity and intellectual property rights. It was prepared by the Business Software Alliance, or BSA, a lobbying group whose members include Microsoft, Apple, Dell, Intel and Adobe.
The document criticises European Commissioner for Justice Viviane Reding's regulation proposal on data protection, presented last month, saying it "has the potential to undermine its benefits with new, overly prescriptive rules [that] threaten to undermine the economic advances that a truly global cloud can provide."
The criticism comes despite moves to water down the proposal to accommodate economic and security concerns raised by Commissioner for Trade Karel De Gucht, Commissioner for Digital Agenda Neelie Kroes, and the US government.
EU proposal 'too prescriptive'
Reding's legislation would require companies of more than 250 employees that hold personal information to assign a data protection officer, to warn the authorities of a data breach within 24 hours, and to establish documentation and security procedures for data processing.
BSA's director of government affairs in Europe, Thomas Boué, called the provisions "too prescriptive". "It's going to be a box-ticking exercise but will it protect the data? That remains to be seen," he said.
Boué said the numerous 'delegated acts' in the regulation – specific rules that have to be defined by the Commission at a later date – are creating "legal uncertainty" for IT firms considering cloud computing.
These delegated acts include the definition of "public interest" in data transfer authorisation; the conditions for children to grant their consent to sharing personal data; documentation and security requirements for data processing; and the "right to be forgotten".
Matthew Newman, spokesperson for Reding's office, downplayed the fears, saying the Parliament and national governments are involved in the process. "We always consult broadly before making proposals," he said.
More generally European countries rank high in the report for "cloud-readiness". In contrast, fast-growing emerging countries including China, India, Indonesia and Singapore "do not yet have any substantial data protection laws," the BSA report says.
The report claims this will limit the benefits these countries draw from cloud computing saying, "users will fully accept and adopt cloud computing only if they are confident that private information stored in the cloud, wherever in the world, will not be used or disclosed by the cloud provider in unexpected ways."
In recent years the information and communications technology sector has been expanding massively in emerging economies. The number of Chinese internet users reportedly reached over 500 million at the end of 2011 and it has been estimated that the country's ICT sector will nearly double in turnover between 2010 and 2015, reaching around €300 billion.