The European Union has announced a strategy to boost the use of cloud computing among its members in the private and public sectors.
This includes establishing standards for interoperability, data portability and reversibility, the development of model contracts, government spending on cloud computing, certification, and requirements for data protection, security, privacy and user rights.
The announcement immediately drew fire from the Software & Information Industry Association, the umbrella body for the software industry in the United States.
The nature of cloud computing is complex, so “it would be a mistake for EU or U.S. regulators to develop cloud-specific regulations in the area of privacy, security, consumer protection or intellectual property,” Mark MacCarthy, the SIIA’s vice president of public policy, told the E-Commerce Times.
“We will define what we think are necessary standards,” EU spokesperson Ryan Heath said. “But industry must actually develop and implement them, and then the marketplace ultimately decides what works and what doesn’t.”
The EU’s Plans for the Cloud
The EU plans to identify the necessary technical standards for interoperability, data portability and reversibility by 2013. It also will set up certification schemes for trustworthy cloud service providers.
Further, the EU will develop model safe and fair terms for cloud computing contracts, including service level agreements. These will make it easier for users to understand and enforce their rights, Kroes stated.
The EU is setting up a European Cloud Partnership between the public and private sectors to harness the public sector’s spending power to shape the European cloud market, help European cloud service providers grow, and deliver cheaper and better e-government. Members will consist of high-level procurement officers from European public organizations and key players from the IT and telecommunications industries.
Provisions for security are stiff — data must be stored either in the European Economic Area or in a territory that has equivalent privacy laws, under the EU’sData Protection Directive, which will apply to the EU’s cloud strategy.
The EU will work with national authorities to ensure data regulations are applied to cloud services, EU VP Kroes said.
The Rise of E-Fortress Europe?
It makes sense for the EU to have its own standards because “these services contain assets of value for EU citizens and should fall under regulations agreed to by the representatives of those citizens,” Rob Enderle, principal analyst at the Enderle Group, told the E-Commerce Times.
There might be reasons for American companies to object to the EU’s plans to set standards for safe and fair contracts, data privacy and security, among other things.
“The U.S. government has been taking a back seat to the EU in these issues for the last decade or so,” Enderle pointed out.
Although U.S. companies wanting to do business in the EU have had to comply with local rules there, “U.S. companies know how to play this game, and from time to time one or more of them may go rogue,” Enderle remarked.
For example, Apple breached a memorandum of understanding between the EU and various mobile phone companies when it launched the iPhone 5, which uses a new, 8-pin charger that’s smaller than the standard one, Enderle pointed out.
U.S. firms “always have to comply with EU rules when selling into the EU market,” the EU’s Heath told the E-Commerce Times. However, “it will not be necessary for any company, European or other, to use the standards.”
Nor will companies have to use the model safe and fair contracts because “we encourage, we don’t enforce,” Heath said.