The EU’s Cloud Computing Initiative
Article by Loeb & Loeb LLP’s Advanced Media and Technology Group
The European Commission, in its communication titled “Unleashing the Potential of Cloud Computing in Europe,” recently announced a new strategy for cloud computing in the EU. According to the statement released by the EC, the strategy is designed to accelerate and increase the use of cloud computing across EU businesses and the public sector, and would result in the creation of 2.5 million new jobs and add an estimated 160 billion euros to the EU gross domestic product by 2020. The proposal aims to bring cloud computing services in line with the existing EU requirements for consumer privacy and personal data security under the EU’s Data Protection Directive and to encourage the adoption of the proposed revisions to those requirements, in order to address individuals’ concerns about the security of their personal data online – especially in the cloud.
Key actions of the proposed strategy include:
- Establishing industry-led, voluntary technical standards to ensure that cloud users get interoperability, data portability and reversibility
- Establishing EU-wide voluntary certification standards for cloud providers
- Developing model contract terms for cloud computing contracts, including service-level agreements, to address issues such as data preservation after termination of the contract, data disclosure and integrity, data location and transfer, ownership of the data, and direct and indirect liability
- Creating a “European Cloud Partnership” with member states and industry to harness the public sector’s buying power (20 percent of all IT spending) to shape the European cloud market, boost the chances for European cloud providers to grow to achieve a competitive scale, and deliver cheaper and better Government
The EC intends the strategy to be part of the effort to address consumer concerns about data protection – a factor the EC has identified as one of the most serious barriers to adoption of cloud computing – and expects to use the mechanisms in the proposed Data Protection Regulation, once adopted, to provide further guidance on the application of data protection laws to cloud computing services.
The EC expects to deliver on the key action steps – standardization and certification for cloud computing; the development of safe and fair contract terms and conditions; and the European Cloud Partnership – in 2013, with a progress report at the end of that year to determine whether the Commission needs to implement further policy and legislative initiatives.