Microsoft has called on the European Union (EU) to clear the way for Cloud Computing by updating and unifying outmoded data protection and data retention laws.
Microsoft's General Counsel Brad Smith, speaking at the Museum of Art and History in Parc du Cinquantenaire in Brussels, argued that the current laws covering data protection and data retention date back to the mid-1990s and as such were not intended to take into account the massive and constant flow of data associated with Cloud Computing.
"At the time it was passed, data moved location occasionally. In the Cloud it is constantly moving," he said. "Creating a sensible and coherent EU regime governing the flow and protection of data stored in the Cloud; and establishing and enforcing an advanced privacy and security framework that is more closely aligned with the ways in which computing is evolving.”
The current data retention laws (from 2006) allows EU member states to each set their own length of time for the retention of data, between six and 24 months with the result that different countries have chosen different retention times which makes compliance by telecom and Cloud services companies complicated.
Smith called on the EU to set a standard length for retention time or to apply mutual recognition principles, so that each country applies the retention time of the country where the user's data is being stored. This was, he argued, vital if personal privacy was to be assured, something he insisted was very important to Microsoft – unlike some rival firms..."Some firms based on the West Coast (of the U.S.) don't think privacy is so important. I disagree,” he said. “The right to privacy is the right to choose who sees your information and it is as important now as it was 15 years ago."
In a discussion paper published alongside his presentation, Smith also called on European leaders to invest more vigorously in the network infrastructure needed to support a Cloud-based economy. He wrote: “Responsible government action includes ensuring that Europe has the right communications infrastructure in place to support the Cloud; creating a sensible and coherent EU regime governing the flow and protection of data stored in the cloud; and establishing and enforcing an advanced privacy and security framework that is more closely aligned with the ways in which computing is evolving.”
He elaborated: “The EU has recognised the need for improved broadband, placing it squarely in Europe’s digital policy agenda. The Commission has already devoted significant attention to creating a framework to encourage investment in next generation access, which will see optical fibre move closer to consumer homes in order to enhance access network performance. While optical fibre will play an ever-increasing role in the Cloud-ready infrastructure, however, wireless technologies are also crucial to ensuring that the benefits of Cloud Computing will be widely available – including in remote and rural areas.”
Consideration also has to be given to the wireless spectrum, he argued. “Spectrum regulators can assist in achieving ubiquitous access by encouraging radically more efficient use of spectrum,” Smith wrote. “The key bottleneck for the deployment of wireless technologies is the lack of available spectrum suited to wide area coverage. European spectrum policy has proved contentious, demonstrated by the Commission’s two year effort to define and implement a pan-European Digital Dividend under which spectrum would be released from broadcasting to support wider broadband connectivity. It is encouraging that the Commission has now set itself the goal of streamlining spectrum policy development through a multi-annual programme, bringing together the Commission, Parliament and Council.”
Specifically Smith called for action in:
-
Ensuring that the European communication infrastructure is cloud-ready. Cloud computing can only deliver the full benefits when there is ubiquitous and affordable broadband access. Continuity of access will encourage consumers to make greater use of Cloud Computing services and SMEs to focus more on developing new content and services.
-
Ensuring a genuine single market by bringing coherence to the legal framework applicable to the connected world, including the Cloud. This is needed to avoid data of European citizens and Cloud providers being subject to a fractured and, at times, conflicting set of legal rules and principles. Among other things, Europe should work to address and eliminate divergent Member State interpretation and application of data retention and other e-communications rules.
-
Ensuring greater transparency about the privacy and security practices of Cloud providers through industry adoption of a self-regulatory code, alongside possible reforms to the European framework for international transfers, in order to ensure that essential privacy protections apply to the Cloud and users can make informed choices.
-
Enhancing security in the Cloud by providing for greater rights of civil enforcement against cyber attacks and ensuring greater coordination and resourcing for law enforcement bodies.
He concluded: “If Europe is to reap the many economic and social benefits offered by Cloud Computing, it is imperative that European consumers, business, and governments have cause for confidence in the Cloud. In short, Cloud users must not be compelled to make a trade-off between flexibility and efficiency on the one hand, and privacy, security, and reliability on the other.”
Post new Comment