The search for a silver lining
In September, Neelie Kroes, the European commissioner for the digital agenda, will publish her long-awaited strategy for cloud computing, amid fears that Europe could already be falling behind as technology takes another leap forward.
Internet firms have been hailing cloud computing as the next big thing for several years, promoting its cost-saving benefits for customers as they try to win a share of the emerging business.
The stakes are high. Cloud computing could revolutionise the way businesses work and could expand significantly the extent to which the internet shapes people’s lives. Cloud computing means that data – such as email, text files, music and photographs – is not stored on a personal computer or server owned by the individual or organisation, but is instead sent to the ‘cloud’ – or, more precisely, huge data centres owned by different companies around the world.
The benefits are huge, both in terms of cost and convenience. Firms – especially small and medium-sized businesses – would save money because they would be outsourcing IT maintenance, and because the amount of ‘cloud space’ they could buy would be flexible; they could increase or cut the capacity of their data storage as they needed it.
Convenience could be an even stronger attraction. No longer will people have to be at the computer where a file is stored. They will be able to gain access to data from anywhere there is an internet connection. Files such as medical records and professional qualification certificates will be available anywhere internationally, which could give new impetus to the EU’s single market. Cloud computing also challenges copyright legislation: listening to music and watching films stored in the ‘cloud’ at the touch of a button is already commonplace.
However, the European Commission knows that it has to proceed with caution. It wants to promote cloud computing because it recognises the economic benefits, but realises that the development raises important questions about data protection and security. The prospect of huge amounts of sensitive data being transferred to centres across the world could encounter resistance. Winning public trust may be the biggest hurdle to overcome.
Kroes is aware that, faced with these significant technological changes, the Commission needs to have a plan. She told the European Internet Foundation in March that policymakers have to come up with a coherent strategy for cloud computing to ensure that this crucial step in internet use “happens not to Europe, but with Europe”.
A swathe of new legislation should not be expected, however. Kroes is a liberal by nature, and she has already warned of the dangers of over-regulation in this area. She is likely to take heed of industry warnings that too many obstacles placed in the way would threaten the EU’s ability to take advantage of these technological advances.
The strategy is not expected to propose any specific legislation at this stage, but rather set out a plan of action for a legal framework that promotes cloud-computing development. This includes the measures needed to complement the data protection regulation proposed by the Commission in January, and calls for the EU to explore agreements with countries such as Japan and the United States over the treatment of data.
The strategy will also set out the action needed to ensure inter-operability and standardisation of cloud services – to ensure that users are able to choose to move their data away from one cloud service to another without being ‘locked in’ to one company.
Mark Lange, senior policy counsel at Microsoft, said that, if cloud computing were to be successful, people would have to have complete trust that data was used in the right way. “Everybody needs to ask questions about transparency, security, privacy and to know that they are in control of their data,” he said. “The Commission is setting the terms of this discussion.”
The headache for regulators is that data stored ‘in the cloud’ is often spread out across more than one data centre, often in different countries. The Commission wants users to have the same level of protection no matter where the data is kept. It will seek to develop ‘model contracts’ for cloud providers to give more legal certainty to users over how their data is used. This is aimed at giving some assurance that, no matter where the data is held, it will have the same level of protection as where the user is based – and that cloud companies will be made accountable if there is a problem.
The risks were set out earlier this month when Europe’s national data protection supervisory authorities issued a report on the issue of cloud computing. The ‘Article 29 Working Party’, made up of the national authorities, the Commission and Peter Hustinx, the EU’s data protection supervisor, acknowledged that “the rise of cloud computing services can trigger a number of risks, such as the lack of control over personal data and insufficient information regarding how, where and by whom data is being processed”.
In the report, published on 1 July, the group said: “By submitting personal data to the systems managed by the cloud provider, cloud clients may no longer be in exclusive control of this data.”
There is a long way to go. Many details set out in the cloud-computing strategy will raise questions about cross-border data security. However, there is a growing belief that the cloud-computing tide cannot be held back, and, as Kroes said, Europe has to move with it rather than be pushed along by it.
In the cloud
Cloud computing is expected to be the most significant change to the way businesses and individuals use the internet since email and other web services became widespread nearly two decades ago.
Although the term may be relatively new, many people have been using the ‘cloud’ for many years through web-based email services. Rather than being stored on the computer’s hard drive, emails, documents and photographs are stored in the ‘cloud’ – big data centres owned by some of the world’s largest technology firms.
The European Commission and national governments are keen to promote cloud computing because of the amount of money it could save small and medium-sized businesses. Cloud computing creates economies of scale: holding data in huge centres scattered all over the world works out cheaper because it allows businesses to pay only for what they need. Also, there are no additional hardware maintenance costs.
However, the global nature of cloud computing has increased calls for new rules on how data is kept secure, particularly when it is transferred across borders.