EU’s digital agenda on Cloud computing: building a European cloud partnership
A lot of discussion has been going on about the announcements on data protection by Viviane Redding (data protection reform proposal and “EU-US COOPERATION ON DATA PROTECTION: TOWARDS A NEW GOLD STANDARD”) and the announcement of Neelie Kroes on the so-called “European Cloud Partnership”.
I have seen comments in blogs and media articles covering a broad range from protecting European service providers to imposing fines on companies to get some money in. Very few comments have been in favor of the suggested changes. This might be no surprise but there seems to be one common denominator. Changes are needed. The current setup lacks clarity and creates FUD (fear, uncertainty and doubt). The one thing that created a lot of confusion was the call for the European Cloud Partnership.
The message received (wrongly, I might add)
I had a lot of discussions with cloud experts as well as legal experts over the course of the past months. One thing that seemed quite dominant in all the discussions that the idea to create a European Cloud in an own context “from Europeans for Europeans” does not make much sense. It sounded like the commission did not really get what a global business means and requires. Especially in a world where growth is the only measurement that counts a European only business would mean a significant loss of target market. A company would not be able to have a subsidiary outside of the EU and especially in the U.S.A. Such a provider would not be able to support customers that act outside of the EU themselves. So overall it sounded like a strange idea. But the question is whether the message received matches the message sent?
The message sent
I can only recommend taking the time to listen to Neelie Kroes’ video and to read her announcement.
Mrs. Kroes explicitly states that there is no interest in creating a protective practice through this Partnership program. It is about a completely different topic. It is focused on public sector and the creation of a set of service definitions and procurement rules that enable the public sector in the EU member states to take a step into the cloud. It even mentions the idea that this could be driving factor for harmonization and standardization across member states, which would be a great result if you ask me.
While this effort is very focused it shows that there is willingness to include the industry. Rather than defining standards on their own the commission is inviting the industry to take part and even sponsors the EU cloud partnership program.
What does that mean bottom line?
Most of the reports in the media mix up the announcements. While the several announcements do indeed cover cloud computing either at their core or in the results, it is clear that they need to weighted separately. I do believe actually that the EU has understood that cloud computing cannot be stopped anymore and on the contrary to some data protection officer in Germany they take action to enable participation. While some of e.g. Germany’s data protection officer call all cloud services and especially everything that involves the U.S.A. evil the EU seems to have understood that enabling European businesses and making them stronger includes enabling them to participate.
Already some players prove to be on the right track by complying with not only the Safe Harbor Act but e.g. also the so-called EU Model Clauses. Microsoft as an example fully supports these standard contractual clauses for their Office 365 offering.