Europe wants the European consumers and industry to benefit from cloud computing. It has the potential of dramatically changing the way company’s provision their IT needs as end users; it is inherently more efficient. Cloud computing can bring significant benefits to many sectors of the economy, driving growth, productivity and trade. Gartner, the industry analysts, predict that in 2014 worldwide cloud services revenue is projected to reach US$ 148.8 billion.
Proposing the right regulatory environment is of course the main tool the European Commission has at its disposal for stimulating cloud computing in general and more particularly for an indigenous European cloud industry.
However, this is not a simple task. Regional legislation is often relatively ineffective in the face of a global Internet service such as cloud computing. What Europe needs is not new cloud computing legislation but a more harmonised application of rules at European and global level.
The strict data protection rules in Europe are often cited as a break on the development of a cloud computing services. Providers of cloud computing services operate globally and accommodating different data protection rules is problematic. The strict EU rules also put European providers at a disadvantage vis-à-vis their American and Asian competitors.
So how can you find such an enabling regulatory regime without compromising some consumer rights we hold hear in Europe? Telefónica believes it is possible to square that circle although eventually we need a global approach.
Data protection rules are a reflection of the cultural values in Europe. They are widely supported by consumers and politicians alike. Cultural values can’t be changed that easily. And Telefónica doesn’t believe that an overhaul of the data protection framework is currently required for the Digital Single Market for cloud computing services to succeed. What is needed is that the current framework gets applied flexibly; that divergences in implementation between Member States are limited to a minimum and that the framework should be simplified in some areas.
For example, it should become much easier to transfer data to companies outside the EU, not just to companies within the “same group of companies” but to any company. In the public consultation Telefónica has proposed that we should further develop a system of “European Safe Harbour Agreements”. EU companies should be allowed to transfer data to any company outside the EU who processes and protects personal data in line with EU standards. The EU could issue certificates to such companies as part of such a European Safe Harbour Agreement.
Of course it would be desirable that all on-line service providers that provide services to EU citizens would apply EU data protection standards irrespective of where they are located. However this is an unrealistic goal, at least in the short term. What is required urgently instead is maximum transparency by cloud computing providers so that European customers are aware of the level of service they contract into.
In the medium to long term we should aim at finding a structural solution by developing “global data protection standards” but at the moment that is unrealistic.
We believe that it is possible to allow European cloud businesses to flourish whilst at the same time guaranteeing an effective and uniform protection of users’ privacy. However, without the above and others modifications, which don’t imply a lowering of data protection standards, European cloud providers will be at a disadvantage to providers from the US and Asia.
You can have a look at Telefónica response to the EC consultation on Cloud Computing here.
Rocío Martínez Hernández Piqueras, Manager, Regulatory Department, Telefónica S.A.
Javier Alonso Lecuit, Strategy and Regulatory Services, regulatory Department, Telefónica S.A.