451 Research

No Cloud is An Island: Subtleties of EU Data Legislation and the Effect on Service Providers

Add Your Comments

Many of the recent EU discussions regarding new data retention and privacy laws are being fueled by the backlash of the European Court of Justice right to be forgotten decision in May. The court case is creating confusion and complications forcing EU authorities to look at several aspects of cloud providers and regulations.

Similar problems could affect the US as right to be forgotten laws such as the one recently passed in California. It may be slightly easier to determine a path of action due to US federal jurisdiction although states may still try to enact laws that could create the same types of issues being dealt with across Europe.

Last week the WHIR spoke with Rory Duncan, Research Director, European Services of 451 Research Group. He is well-versed in the European cloud and hosting market, with a 20-year career in the technology industry, working for such companies as SAP, IBM and Adobe.

As an analyst for almost 10 years, his focus is on emerging trends and technologies. Duncan is moderating a panel of industry experts at the upcoming ResellerClub presents HostingCon Europe 2014 in Amsterdam, Netherlands on Oct. 14 and 15 where they will discuss the state of the European cloud market.

“Legislative issues are key to any discussion or observation of the hosting market in Europe. And that’s because there’s a combination of industry specific legislative issues which are common to most industries, international as well as in Europe. But also there’s legislation stemming from the European Union laws, the 28 member states as well as local legislation relating to things like privacy and data protection,” Duncan says.

“So part of this is about understanding this and being informed about it particularly as a hosting or service provider and then secondly, how do you interpret that and how do us ensure you’re complying with both the local or federal laws as well as EU laws, and how that then translates into the service you can provide your customers.”

If a company tries to expand within Europe there are multiple levels of compliance to meet. Most countries have organizations of service providers designed to keep companies up to date on the latest regulations within local areas as well as the EU. Many of them meet at global and European industry conferences such as HostingCon to discuss the state of current legislation, compliance issues and attempts to shape the future through interacting with governments and agencies.

“As a service provider if you’re operating in one country…so you have all of your data centers in Germany and all of your customers in Germany and all of your data is stored there, in a way it makes things a lot easier,” Duncan says. “It’s strange that a cloud provider would consider centralizing everything in one place, because that seems to be a little contradictory inasmuch as the cloud can be flexibly located, pooled from different places and delivered via points of presence in different countries, very much like the AWS model for instance. ” The problem with Europe is the number of service providers that fall into this category are relatively few.

“The challenge there is that you’re dealing with multi-jurisdictional security and compliance issues,” Duncan says. “However it’s the continuing fear, uncertainty and doubt about shared services and allegations of spying or allegations of snooping or privacy infringements that have got many of the European countries, particularly France and Germany, quite concerned about [cloud]. If you were to go to the average German CEO or CTO and mention that as a service provider you were partnering with an international vendor or international cloud service provider, which many of them do, it’s often the first way to have the door shut in your face because it’s considered to be too risky.”

Germany has some of the strictest data laws in the EU. This is one of the main reasons that companies such as Amazon and Microsoft may choose to open a data centers in a specific country.

“A lot of this is purely about uncertainty. Because in many ways the legislative issues and data protection issues are not about protecting us from unknown incursions by foreign governments or whoever, it’s to help protect us against unscrupulous marketers or fraudsters as well as the hackers,” Duncan says. “I think that’s the most disappointing thing about this aspect of it is at the end of the day, if a foreign government were to spy on your data or email, you would never know about it generally unless you were doing something bad. If a hacker gets in or does a DDoS attack, it’s usually pretty destructive. Really we should be focusing more of our attention on that; cloud security, two factor authentication, tokenization and so on.”

Duncan is hosting a free webinar on the European cloud market in advance of the HostingCon event. On Oct. 7 at 9 am EST Duncan will discuss “Emerging, Converging & Diverging: European Hosting Market Dynamics in 2014”.

Add Your Comments

  • (will not be published)