Commission to unveil cloud computing strategy

In September, Neelie Kroes, the European commissioner for the
digital agenda, will publish her long-awaited strategy for cloud computing,
amid fears that Europe could already be falling behind as technology takes
another leap forward. Internet firms have been hailing cloud computing as
the next big thing for several years, promoting its cost-saving benefits for
customers as they try to win a share of the emerging business.

The stakes are high. Cloud computing could
revolutionise the way businesses work and could expand significantly the extent
to which the internet shapes people's lives. Cloud computing means that data –
such as email, text files, music and photographs – is not stored on a personal
computer or server owned by the individual or organisation, but is instead sent
to the ‘cloud' – or, more precisely, huge data centres owned by different
companies around the world.

The benefits are huge, both in terms of cost and
convenience. Firms – especially SMEs – would save money because they would be
outsourcing IT maintenance, and because the amount of ‘cloud space' they could
buy would be flexible; they could increase or cut the capacity of their data
storage as they needed it.

Convenience could be an even stronger attraction. No
longer will people have to be at the computer where a file is stored. They will
be able to gain access to data from anywhere there is an internet connection.
Files such as medical records and professional qualification certificates will
be available anywhere internationally, which could give new impetus to the EU's
single market. Cloud computing also challenges copyright legislation: listening
to music and watching films stored in the ‘cloud' at the touch of a button is
already commonplace.

However, the European Commission knows that it has to
proceed with caution. It wants to promote cloud computing because it realizes
the economic benefits, but it also realizes that the development raises important
questions about data protection and security. The prospect of huge amounts of
sensitive data being transferred to centres across the world could encounter
resistance. Winning public trust may be the biggest hurdle to overcome.

Crucial steps

Commissioner Kroes is aware that, faced with these
significant technological changes, the Commission needs to have a plan. She
told the European Internet Foundation in March that policymakers have to come
up with a coherent strategy for cloud computing to ensure that this crucial
step in internet use "happens not to Europe, but with Europe".

A swathe of new legislation should not be expected,
however. Kroes is a liberal by nature, and she has already warned of the
dangers of over-regulation in this area. She is likely to take heed of industry
warnings that too many obstacles placed in the way would threaten the EU's
ability to take advantage of these technological advances.

The strategy is not expected to propose any specific
legislation at this stage, but rather set out a plan of action for a legal
framework that promotes cloud-computing development. This includes the measures
needed to complement the data protection regulation proposed by the Commission
in January, and calls for the EU to explore agreements with countries such as
Japan and the United States over the treatment of data.

The strategy will also set out the action needed to
ensure inter-operability and standardisation of cloud services – to ensure that
users are able to choose to move their data away from one cloud service to
another without being locked in' to one company.

The headache for regulators is that data stored ‘in the
cloud' is often spread out across more than one data centre, often in different
countries. The Commission wants users to have the same level of protection no
matter where the data is kept. It will seek to develop ‘model contracts' for
cloud providers to give more legal certainty to users over how their data is
used. This is aimed at giving some assurance that, no matter where the data is
held, it will have the same level of protection as where the user is based –
and that cloud companies will be made accountable if there is a problem.

The risks were set out earlier this month when Europe's
national data protection supervisory authorities issued a report on the issue
of cloud computing. The ‘Article 29 Working Party', made up of the national
authorities, the Commission and Peter Hustinx, the EU's data protection
supervisor, acknowledged that "the rise of cloud computing services can trigger
a number of risks, such as the lack of control over personal data and
insufficient information regarding how, where and by whom data is being
processed".

In the report, published on 1 July, the group said: "By
submitting personal data to the systems managed by the cloud provider, cloud
clients may no longer be in exclusive control of this data."

There is a long way to go. Many details set out in the
cloud-computing strategy will raise questions about cross-border data security.
However, there is a growing belief that the cloud-computing tide cannot be held
back, and, as Kroes said, Europe has to move with it rather than be pushed
along by it.