German authorities have recently expressed skepticism about cloud computing and the potential it has for breaking data protection laws.
According to the Information Law Group, there is no imminent danger of a European crackdown, but legal experts are advising international companies to address these potential concerns in their planning and operations.
The controversy stems from statements made by Dr. Thilo Weichert, head of the data protection commission in the northernmost German state of Schleswig-Holstein. Weichert is calling for the abolition of the Safe Harbor framework and doubts the ability of companies to protect the rights of Europeans, who enjoy some of the strongest personal privacy laws in the world.
According to the Information Law Group, the Safe Harbor Framework was "developed jointly by the European Commission and the US Department of Commerce, under which American companies can publicly certify compliance with a standard set of Safe Harbor Privacy Principles approved by the European Commission and enforced by American regulators, predominantly the Federal Trade Commission."
The concerns about data privacy are felt across Europe. Most of the tensions arise from how personal data is stored in the Untied States, where privacy laws are comparatively less comprehensive.
European law is fairly meticulous on the matter of data privacy. There are a number of ways that a customer needs to be notified about how their information is being processed. The belief is that on many occasions, customers are not informed at all when using SaaS services and cloud computing services. Still, there have been no formal complaints issued against cloud computing providers.
The concerns from Germany come at a time when Europe is beginning to review data protection laws that have been on the books for the past 15 years. Comments have been submitted to the European Commission, which has decided to push back any ruling until mid 2011 due to the varying approaches European countries have been taking about data privacy enforcement. According to the Information Law Group, the commission also want to examine how best to apply the general principles of the law in an "increasingly global, networked, and distributed computing environment."
The law group advises companies to make sure they are compliant by "handling European employee data in centralized enterprise resource management systems or outsourced applications."
Outsourced applications could be any variety of services. But due to the general attitude in Europe right now, companies need to make sure cloud computing providers can prove they are compliant. This can be difficult at times as providers are sometimes hesitant about disclosing locations or sub-contractors. If they can't, then it's time to start looking at other options.
Further, the Information Law Group says it's important that customers check to see if United States vendors, including cloud service providers, "are Safe Harbor certified, or alternatively use EU-approved standard contract clauses."
This latest news shows again why transparency and standardized policies will be increasingly important to develop in the cloud computing market. European authorities have a reputation for strict data protection requirements. That's not going to change. It's a just a question what effect the law will have on the technology itself as privacy takes center stage.