Europe Aims to Regulate the Cloud

The words “cloud computing” never appeared in a 119-page digital privacy regulation introduced in Europe last year.
They do now.
Even before revelations this summer by Edward J. Snowden on the extent of spying by the National Security Agency on electronic communications, the European Parliament busied itself attaching amendments to its data privacy regulation. Several would change the rules of cloud computing, the technology that enables the sharing of software and files among computers on the Internet.
And since the news broke of widespread monitoring by the United States spy agency, cloud computing has become one of the regulatory flash points in Brussels as a debate ensued over how to protect data from snooping American eyes.
Cloud technology has become a routine part of digital life, whether it is used for Web-based services to send e-mail or store photographs or to warehouse troves of business or government records. It has enabled the convenient sharing of data among mobile devices and enhanced the ability of people to collaborate and share documents. It has also cut the cost of doing business.
But transmitting data among mobile phones, tablet computers and clouds, even while encrypted, makes it more accessible to snooping.
The European Union wants to regulate the cloud even if that makes its use more complicated. One proposed amendment would require “all transfers of data” from a cloud in the European Union to a cloud maintained in the United States or elsewhere to “be accompanied with a notification to the data subject of such transfer and its legal effects.”
Another amendment takes it further, barring such transfers unless several conditions are met. Not only must consent be provided by the subject of the data, but the person must be “informed in clear, unambiguous and warning language through a separate and prominently visible reference” to “the possibility of the personal data being subject to intelligence gathering or surveillance by third-country authorities.”
Lawmakers are also proposing to revive an amendment that American diplomats largely succeeded in getting dropped from the original data privacy regulation that would impose guidelines for handling court orders from countries outside the European Union. The amendment requires the operator of data servers to inform both a local “supervisory authority” as well as the subject of the request, which could run afoul of American law.
And there are other potential conflicts between European and American laws. The European Commission is considering imposing sanctions on companies that turn over records to American law enforcement authorities if the move violates European privacy regulations.
While policy-making on cloud computing is proceeding on more than one track in Brussels, the tracks all appear to be heading in the same general direction: a more robust regulatory regime delineating how data is handled and released. Policy makers hope to have a new regulation in place before the European elections next May.
The stances from politicians across the European Union are similar.
“We need to realize that European citizens will not embrace the cloud if they are worried for their privacy or for the security of their data,” said Neelie Kroes, the European Commission vice president in charge of telecommunications and information policy, in a statement.
Viviane Reding, the European Commission’s justice minister, said in her own statement that she wanted to see “the development of European clouds” certified to strict new European standards.
She said that European governments could promote such a move “by making sure that data processed by them are only stored in clouds to which E.U. data protection laws and European jurisdiction applies.”
“For the private sector, such European clouds could become also attractive as they could advertise, ‘These are European clouds, so your personal data is safe,’ ” she said.
Some have gone further. Thierry Breton, a former French finance minister and the chief executive of a French information technology company called Atos, has proposed what he called a “Schengen for data,” referring to the law that allows citizens within the euro zone to cross borders without a passport.
But creating a virtual free trade zone for data — if such a thing is possible — raises questions about what happens outside that zone. A spokesman for Mr. Breton, who is on a panel advising the commission’s strategy on cloud computing, said that his statement was “not about protectionism” but about ensuring “customers will receive the proper level of guarantees in terms of data protection and access across Europe.”
 
By Danny Hakim
Source and read more:

0 yorum: