23 May 2011
The idea of siphoning computing power from afar – a concept called “cloud computing” – has been in active development for much of the past decade. But it’s still a relatively new industry and one that is causing intense headaches for EU regulators, who are troubled by issues of privacy and jurisdiction, including tough questions about who owns information and who bears responsibility for how European laws are applied.
Anyone who uses Gmail, Flickr or other services where the data is not saved on their computers is already taking advantage of cloud computing. Businesses are increasing switching their entire networks to such internet-based systems. While it saves money, it also means that personal data can essentially be stored anywhere in the world and that the ability to reach it depends solely on the cloud provider working properly. It’s a potential privacy and logistical nightmare.
Still, the economic argument is striking: The Centre for Economics and Business Research predicts that Europe’s five largest economies could save €177bn each year for the next five years if all their businesses were to switch over at the expected rate.
In response to the new business possibilities and in an effort to head off the impending privacy concerns, the EU executive is putting together its first cloud-computing strategy. The target for completion is next year, and there’s a sense of urgency to get the ground rules in place as quickly as possible.
“Normally I prefer clearly defined concepts,” Neelie Kroes, the EU’s top official responsible for information technology and the digital agenda, said as she announced the unveiling of the EU’s cloud strategy in January. “But when it comes to cloud computing I have understood that we cannot wait for a universally agreed definition. We have to act.”
Legal storm clouds
Last year, western Europe accounted for less than a quarter of the $68bn spent globally on cloud-computing services. That leaves plenty of room for the technology to expand in Europe, but it’s the privacy issue that is likely to prove the biggest hurdle to a rapid and successful expansion. One significant problem is that there’s no way for a user to verify where their data is sitting, whether on a server in Sao Paolo, Siena, Singapore or Seoul.
This raises a particular problem for EU member states, who under EU law can only send personal data outside EU borders if the receiving country meets “adequate” privacy standards. It’s also unclear under EU regulations whose privacy laws would apply in any dispute where the end-user, the cloud-provider and the actual data servers are all in different countries.
For that reason, the EU’s 27 member states are first trying to align their privacy laws and close jurisdictional gaps. Determining whether to trust can be tricky for customers because providers are wary of disclosing their exact security infrastructure, arguing that to do so would make them more vulnerable to cyber-attack.
Another current disadvantage is that customers do not have much bargaining room with cloud providers, according to a study conducted at Queen Mary, University of London. As with electrical companies or other utilities, it’s “take it or leave it.” EU regulators have taken note of the potential issues.
However the regulation shakes out, big computing companies like Microsoft say cloud computing will be the next big thing for Europe and the rest of the world. Microsoft believe so, as 70 percent of Microsoft’s research and development funds are already devoted to cloud computing, with the figure expected to rise to 90 percent soon.