I've written several times about how the US Patriot Act can make it difficult for American cloud services vendors to sell their services in the European Union. Some of them have been trying to circumvent the issue by installing new datacenters in the EU, but the fact is, most EU corporations not only want their data within the Union, but within their own country -- and possibly the same city. Also, government agencies can’t store any data with foreign suppliers.
Last week, I had the opportunity to talk with Jason Currill,
CEO of Ospero Ltd, a leading European cloud and hosting provider headquartered in the UK. Ospero has datacenters in 23 countries, 16 of which are EU countries. Mr. Curril told me his company has benefited by offering the security and privacy required by the new EU regulations where the big names of the cloud (Google, Microsoft, and Amazon) are not able to comply.
As we've already discussed in many other posts, US cloud
providers have enough problems trying to sell services abroad -- and
domestically -- thanks to the Patriot Act. But now, some European corporations are stealing business from their American competitors by claiming that they can offer protection against government snooping.
European privacy laws are tougher than the US counterparts,
but storing data on an EU cloud provider does not guarantee secrecy against government requests. While the Patriot Act is constantly invoked to express the belief that US spies have greater access to personal data in the cloud than in other countries (and that "local clouds" are the solution), the laws of Australia, Canada, Denmark, France, Germany, Ireland, Japan, Spain, and the United Kingdom also allow government agencies access to cloud data -- albeit with more judicial control.
The recent Google Transparency Report indicates that the US government's appetite for private data jumped 37 percent last year, mostly from police and government positions without judicial control. While the reasons for those requests are not disputed, the trend is uncomfortable for Europeans, who, as reported by many studies, value their privacy more than their American counterparts.
Even though European firms are happy to continue claiming
more security, the real question is compliance. Most European countries insist that sensitive data is stored within their borders, not just in the EU. And that’s where most American corporations fail to comply.
Mr. Currill said his company is able to work with many public administration entities in several countries because they offer local cloud services and hosting. “Amazon and others thought that installing their servers in one EU country (Ireland) was enough. They are wrong,” he claims.
EU Commissioner Vice-President Viviane Reding had to cry
foul late last year when she saw the advertising of an EU Cloud Computing service suggesting that its geographic location would protect data from the reaches of the US Patriot Act. But most European corporations today don't want to risk compliance issues and are happy to have their data locally, even if that means, as one writer puts it, "the fuzzy Internet cloud becomes a series of neatly divided gas bubbles."
Neelie Kroes, Vice-President of the European Commission and leader of the commission's Digital Agenda, wrote in a recent blog post:
Given the boost this brings, by 2020, the cloud could be worth a significant proportion of our economy -- equivalent to a few hundred euros per citizen. But only if we get the framework policies right.
I think you shouldn’t have to have a law degree to
use these services with confidence; nor face protracted and expensive contract negotiations each time. And you should be able to easily change providers if you find a better offer.
I’m determined that we find a European solution to
this: for maximum economies of scale. National rules would constrain clouds to national borders, with all the frustration that involves when you and take your data or services across a border. My ambition goes beyond that.
In September, the European Commission launched its plan to find that new "European solution" Kroes spoke of.
What are your predictions? Will the impact of conflicting international privacy and security regulations injure American cloud services vendors? Will that impact change your own organization's cloud decisions? Let us know in the comments below.