Commission to assure secure cloud computing
By Manon Malhère | Monday 24 September 2012
The European Commission hopes to promote the use of cloud computing services by the public and private sectors in the EU. However, it does not intend to put in place a European ‘super cloud’.
Europoliticssaw the new draft communication, which the Commission is set to publish on 27 September. It aims to be more of an examination of actions to carry out in order to foster secure, predictable and open cloud services. In particular, the Commission intends to work on developing safe and fair contractual terms.
Cloud computing technology allows the storage and treatment of data on external servers as well as providing access to data in real time from anywhere in the world. This is why it is called ‘cloud’ computing. Indeed, thanks to cloud computing services, individuals, businesses and public administrations no longer need IT installations and infrastructures.
The Commission is convinced that the cloud will create growth and believes that its potential should be exploited. This, says the Commission, is mainly because the use of cloud services can allow enterprises to reduce costs in the field of information and technology and to create new services.
But in order to develop, cloud services should not be considered only from the technological angle. The Commission should propose three types of key actions. Firstly, the development of secure and relevant contractual terms for cloud services. Indeed, currently the relevant legal framework is complex (market fragmentation) and not well adapted to cloud services. Many uncertainties remain.
One such area of uncertainty is the issue of data protection, which is fundamental given that cloud aims to facilitate the circulation of data. In the first draft seen by
Europoliticsin June, the Commission stressed the issue itself much less than in the current text.
A draft regulation, presented in January, is currently being negotiated at the European Parliament and at the Council and the – controversial – dossier pertains to the field of justice rather than to the Digital Agenda. The Commission is likely to propose committing to revising the contractual terms applicable for the transfer of personal data towards third countries and to adapt them to cloud services. It may also propose searching for an agreement with the industry on a code of conduct for cloud computing providers for the uniform application of data protection rules. This code of conduct could be put to the vote by the relevant working group (Article 29), established by Directive 95/46/EC.
The Commission is also likely to propose developing standard contractual terms for contracts signed by cloud services providers and professional users. Furthermore, it may propose models of contractual terms for contracts signed by consumers and small enterprises – in line with the controversial draft regulation on the establishment of Community private law.
Another key action concerns standards. The Commission is proposing measures to ensure the interoperability, portability and reversibility of data, as well as their safekeeping. For example, guaranteeing that cloud services’ users can transfer their data from one provider to another. The Commission is namely proposing to put the European Telecommunications Standards Institute (ETSI) in charge of outlining the necessary standards.
The third key action should relate to the creation of a European partnership for cloud computing in 2012. The Commission is convinced that the public sector can stimulate the development of cloud services, and will propose this partnership between the private and public sectors to harmonise the purchase of cloud services by public authorities.