Strategy to facilitate uptake of cloud computing
By Manon Malhère | Tuesday 26 June 2012
Promoting a legal framework for the development of safe and predictable cloud computing services in the EU is one of the objectives of the relevant strategy, which the European Commission should publish in September.
Europoliticshas seen the draft text, which could still be changed. It lists the actions to be carried out in numerous fields, such as data protection, to stimulate the use of these services by the public and private sectors. The overall aim is not to create a European ‘super cloud’ but rather to promote the development of this technology, which allows the storage and treatment of data on external servers. With this type of cloud services, individuals, enterprises or public administrations no longer need IT setups and infrastructures, and above all they can access stored data in real time, from anywhere in the world
Since the aim of the cloud is to facilitate the circulation of data, the Commission should first tackle the issue of data protection, which is fundamental. In January, it presented a proposal for a regulation revising Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data to further harmonise relevant national legislation. With regard to the transfer of data outside the EU – an aspect that is particularly important for cloud services – the proposed regulation provides for the transfer of data to a third country to be possible only if it offers an “adequate” level of protection for these data. If the Commission has not adopted a decision on this adequate level, the transfer of data will only be possible if the enterprises provide guarantees (binding rules applying to undertakings, or contractual terms). The information and communication technology (ICT) industry – which welcomes the Commission’s initiative to further harmonise the relevant rules – is, overall, not convinced that these measures will lift all the obstacles to data circulation. The ICT industry also feels that some – administrative – provisions are too normative.
In its strategy, the Commission should propose measures to encourage data protection authorities to develop said binding rules applying to undertakings in order to facilitate data transfers and to promote the development of EU standards on data protection and ICT safety in the cloud. The promotion of certification mechanisms to indicate the levels of protection and of security offered is also mentioned.
Furthermore, in order to increase the confidence of potential users, actions should be envisaged to promote the development of models of “agreements on the level of service” between suppliers and clients who specify the conditions under which the services should be provided. There should also be a list of actions to facilitate the use of digital content (for example, encouraging flexible approaches to licences in terms of copyright for cloud services); and measures to facilitate the standardisation and interoperability (applications, infrastructures) of cloud computing services.
The Commission is adamant that the public sector can stimulate the development of cloud services, and will propose the creation of a European cloud partnership between the private and public sectors to harmonise the purchase of cloud services by the public authorities.
Lastly, given that cloud services do not heed borders, an entire section of the strategy concerns international cooperation. In view of this, the Commission should propose opening an extensive dialogue with the US and Japan.
The Commission is adamant that the public sector can stimulate the development of cloud services, and will propose the creation of a European cloud partnership between the private and public sectors