Last week, the European Commission published a memo entitled 'What does the Commission mean by secure Cloud computing services in Europe?'. The memo stems from the Commission's 2012 strategy 'Unleashing the Potential of Cloud Computing in Europe' and addresses the growing concerns about the implications for the European cloud computing market following the PRISM revelations. It also provides insight into the hot topic of whether the Commission will introduce requirements for cloud providers to keep EU citizen's data within European borders.
The Commission has made it clear that its vision is for Europe to become the global leader in the cloud computing market particularly in relation to data protection and security. One of the Commission's aims is to align the cloud market with the proposals contained in the EU data protection regulation, by establishing a single market for cloud computing. The Commission also strongly opposes the 'Fortress Europe' approach to cloud computing and stresses the need for a uniform approach since undertaking separate national or regional initiatives threatens to fragment the market and weaken the EU's strength in this area. The Commission's memo also reiterates that 'the fundamental principle at stake is the need to look beyond borders when it comes to cloud computing' – meaning that although it aims to promote a European single market for cloud services, its intention is not to require providers to host EU citizen's data in Europe but to work across borders. It seems cloud providers who feared unachievable plans to keep data within Europe, can now breathe a sigh of relief.
As well as confirming its stance on EU data residency, the Commission's memo recognises the increased importance of encouraging smaller European businesses and consumers to use the cloud with the aim of increasing productivity. It is hoped that although Europe is not recognised as a leader in this area yet, the Commission will be able to leverage the EU's reputation for 'relatively high standards of data protection, security, interoperability and transparency about service levels and government access to information' to help increase the use of the cloud within and out side of Europe. As a way of tackling the slow adoption of the cloud in Europe, the Commission plans to encourage EU-wide voluntary certification schemes to increase transparency and security in the cloud. In other words, the Commission is looking to pro-competitive measures to help promote the European cloud market, rather than trying to 'force' European cloud development through onerous rule-making.
How achievable the Commission's plans are to establish Europe as the world's leading trusted cloud region will inevitably be impacted by the implementation of the EU data protection regulation (with the LIBE Committee's vote on its amendment proposals taking place today – see here). But at least, for now, cloud providers have some much-needed comfort that the Commission has no plans to force them to start building additional data centres in the EU anytime soon.