European governments are working to spur growth among EU cloud providers by citing concerns over supposed lax U.S. privacy laws and tightening local regulations on data security.
A recent E.U. data protection proposal could require companies to employ a data protection officer and notify users within 24 hours of a data breach, reported Reuters. According to Bloomberg, France created a venture in November that labels cloud services “made in France.” The venture includes France Telecom SA and Thales SA, providing hardware, software and applications as a service. And the German government is working to strengthen data-protection rules to include the location of servers that house private data as a measure of security, the news service reported.
During last summer’s launch of Office 365, a Microsoft executive commented that the Patriot Act could be used to force the company to provide European-stored data to U.S. government officials, which seems to have spurred efforts by E.U. governments to discourage use of U.S. cloud providers. Bloomberg suggested that these measures are more about protection of money than privacy, since European companies stand to lose out to U.S. cloud providers on the lucrative cloud computing pie, estimated by Gartner to be worth $47 billion in Western Europe by 2015. InfoWorld’s David Linthicum seconded this notion in a column last week.
U.S. government officials called the E.U. warnings of lax U.S. privacy laws unwarranted. Kenneth Corbin at CIO reported that Bruce Swartz, deputy assistant attorney general, and Philip Verveer, deputy assistant secretary of state and U.S. coordinator for international communications and information policy, recently conducted a conference call in an effort to mitigate brewing controversy over U.S. privacy laws.
During the call, Verveer acknowledged the growing European market potential for cloud computing, but downplayed controversy over weak privacy protection in the U.S., CIO reported. The publication said Verveer explained that State Department representatives are in constant discussions about “data sovereignty and other cloud computing issues” with foreign officials, while Swartz cited the 2001 Convention on Cybercrime as evidence of U.S. cooperation on privacy issues.
Swartz said, “The Patriot Act really is in this context a red herring. It didn’t work a fundamental change in how we approach the issues of stored data,” CIO reported. But privacy advocates in the U.S. have suggested that this country’s privacy laws are inadequate and that tougher regulatory revisions by the EU could become de facto protocol for privacy in the global marketplace.
Do you think of the E.U.’s claims of weak U.S. data protection laws are justified or simply part of a PR campaign to promote E.U.-based cloud providers? Would U.S. cloud providers fare better by helping shape stronger privacy protection laws in this country?