European Union policy makers were already skeptical about the safety of their corporations’ data in the public cloud, and the existence of PRISM and other top-secret programs that monitor online services with the goal of deterring terrorist and criminal activity has done nothing but stoke that skepticism into a raging fire of near-paranoia.
Ever since the revelations of apparently rampant United States government tapping of cloud-based data and online services from leaked material from former National Security Agency contractor Edward Snowden, cloud computing vendors in the U.S. have been holding their breath waiting on official reaction from the E.U.
That day, it seems, is coming.
Lawmakers in the E.U. are attaching broad amendments to a 2012 set of digital privacy regulations that could, if enacted, severely curtail and even outright block E.U. businesses and private citizens from using U.S.-based cloud services.
There are several proposed amendments to the privacy regulations, including prohibiting the transfer of E.U. corporate data to U.S.-based clouds altogether, unless several conditions are met, such as making it very clear where the data is going and that there will be the risk of outside monitoring by intelligence services. New proposed regulations would also sanction European companies that ignored these rules and used U.S. services anyway.
Up until now, the U.S. and the E.U. have managed to establish a fairly one-sided arrangement in the handling of E.U. corporate data: safe harbor rules have essentially let U.S. companies promise to abide by E.U. privacy rules, though without much oversight, thanks to the hard-line lobbying made by U.S. diplomatic services on behalf of U.S. technology interests.
The actions taken by U.S. intelligence services, however, threaten to completely unravel that tenuous relationship. The E.U. is pushing back against U.S. policies, trying to ensure their citizens’ data security in light of programs that openly target anyone but U.S. citizens.
Besides additional regulations, E.U. technology vendors are also pushing to have more cloud availability from native sources, which would ally E.U. member fears about U.S. spying, but would also have the effect of Balkanizing data on the Internet within geographic regions. That would make the usefulness of any commercial app or project that relied on the availability of such data a far more complicated process.
U.S. vendors and policy makers are, naturally, alarmed by the notion of the E.U. going it their own way, because let’s face it, that’s a lot of money walking away from the table, both in direct business and the secondary effects of a walled-off data source.
More than anything else, it probably won’t be the hue and cry of privacy activists that will get the NSA and its counterparts in the intelligence community to shape up, but rather the very real pressure technology companies will put on U.S. lawmakers to get this situation fixed. Of course, thanks to the government shutdown, the NSA can still play while the Congressional cat’s away.
But it may already too late. Burned by the U.S., the E.U. may just end up going alone in cloud computing anyway.
Image courtesy of Shutterstock.