Companies doing business in both America and Europe could find life getting a lot more complicated as the European Union looks to enact strict privacy regulations to block US government surveillance in the cloud.
Following reports about US government Internet surveillance, cloud computing "has become one of the regulatory flash points in Brussels as debate ensued over how to protect data from snooping American eyes," according to a New York Times report: "Europe Aims To Regulate the Cloud:"
The European Union wants to regulate the cloud even if that makes its use more complicated. One proposed amendment would require “all transfers of data” from a cloud in the European Union to a cloud maintained in the United States or elsewhere to “be accompanied with a notification to the data subject of such transfer and its legal effects.”
Another amendment takes it further, barring such transfers unless several conditions are met. Not only must consent be provided by the subject of the data, but the person must be “informed in clear, unambiguous and warning language through a separate and prominently visible reference” to “the possibility of the personal data being subject to intelligence gathering or surveillance by third-country authorities.”
European regulations could leave companies wrong no matter what they do, if those companies do business on both continents. One amendment to regulations "requires the operator of data servers to inform both a local 'supervisory authority' as well as the subject of a request" if a non-European country hands out a court order requiring data disclosure. That's a direct contradiction of American law.
The proposed regulations would shift the balance of power between the US and Europe. Safe harbor rules let US companies promise to abide by EU privacy rules without much oversight, due to lobbying by US diplomatic services on behalf of US technology companies.
Europe is also looking for more cloud availability from native sources, which could Balkanize the Internet.
"The fear is that it will lead to an isolationist approach from Europe," writes Softpedia.
But who is actually being isolationist here? Both Europe and the US are acting to protect their own interests.
This complicates matters both for American companies doing business in Europe, and vice-versa. These companies will have to keep track of where data resides physically, and comply with sometimes contradictory regulations from both governments. That's on top of the other complications of enterprise IT.
Europe and the US need to get together to provide a consistent set of regulations that allows business to function.
NSA, Booz Allen Demonstrate How Not to Run IT
The NSA's 'Secret War on Encryption'
NSA Leaks Shine Spotlight on Perils of Contractor Partnerships
— Mitch Wagner , Editor in Chief, Internet Evolution