Proposed EC data protection rules help cloud adoption

The proposed new European Union data protection regulation will support the adoption of cloud computing, says European Commission Vice-President Neelie Kroes.

The proposed new European Union data protection regulation will support the adoption of cloud computing, says European Commission Vice-President Neelie Kroes.

“The Commission proposal, presented last week, is designed to improve privacy online while allowing for the development and use of the new services we need. Rules fit for the Cloud era,” she told the Fuelling the European Economy event hosted by Microsoft in Brussels.

Last week, Kroes, who is in charge of the Digital Agenda, called on public authorities, industry, cloud buyers and suppliers to come together in a European cloud partnership at the World Economic Forum in Davos, Switzerland .

While a European cloud partnership would help resolve issues like interoperability, Kroes said the EC’s proposed new rules for data protection are key to help address privacy concerns.

Cloud computing, she said, can bring significant productivity benefits to all because it promises scalable, secure services for greater efficiency, greater flexibility, and lower cost, but some commentators have suggested the proposed EC data rules could hamper cloud adoption.

Kroes has responded by arguing that the proposed data protection framework will make EU citizens’ rights to privacy and the protection of personal data work in the digital era.

The EC’s data protection proposal, she said, starts from everybody owning their own personal data, so putting personal data in the cloud need not mean losing control of that data.

“Second, we have proposed rules more relevant to a networked, connected world. Clouds cross borders, and so does the data they hold. So we will make it easier to operate Clouds both within and outside our Single Market,” said Kroes.

The proposal for a Regulation to replace a Directive, she said, means there will be a single set of rules for Europe, not 27 different ones.

Kroes said  under the new rules there will also be a one-stop-shop of enforcement, so that even if an operator is active in several EU countries, it will only have to deal with the data protection authority where it has its main operations.

“Cloud users should not have to guess where their provider is: if a company offers goods or services to people in the EU, or is monitoring them, then it shouldn't matter where that company's based – in Madrid, Mumbai or Mountain View. Our rules should apply to the data,” she said.

Kroes said cloud-friendly  data protection rules and a cloud partnership are only part of the European Cloud Computing Strategy.

In the coming weeks, Kroes said she will give details about plans for building a coherent, Cloud-friendly legal framework in Europe and engaging with the international community as well as an update on the technical progress for security and interoperability.

“Because our strategy needs to be joined up. It is only by examining our policies from many different areas, testing how well they fit the Cloud, and improving them accordingly, that we can create a European environment where the Cloud can truly flourish,” she said.

Read more on IT for utilities and energy