Trade Law Daily is a Warren News publication.
Plan ‘Lacks Ambition’

EU Seeks Lead in Shift to Cloud Computing Services But Cloud Companies, Consumers Worry

Europe needs its own cloud computing strategy if it’s to lead the rest of the world as it did with GSM, Digital Agenda Commissioner Neelie Kroes said Thursday. Her plan to unleash the potential of the cloud won’t affect relations with the U.S., where many key cloud services providers are located, but will give European companies the chance to compete more fairly, she said at a press briefing. Small and mid-sized businesses applauded the move, but cloud computing companies and consumers voiced concerns.

Sign up for a free preview to unlock the rest of this article

Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.

Action is needed in several areas, the EC said in a communication to the European Parliament and Council (http://xrl.us/bnrnzm). Digital single market fragmentation because of differing national laws, and uncertainties over applicable rules, digital content and data location “ranked highest amongst the concerns of potential cloud computing adopters and providers.” That’s largely due to the complexities of managing services and usage patterns that span multiple jurisdictions and in dealing with data protection, contracts, consumer rights and criminal law, it said.

Contract problems relate to worries over data access and portability, change control and who owns the data, the EC said. Another concern is the “jungle of standards,” whose sheer numbers cause confusion and which also lead to uncertainty about which offer sufficient interoperability of data format to allow portability, or which safeguard personal data, it said.

The strategy “does not foresee the building of a ‘European Super-Cloud'” with a dedicated hardware infrastructure to provide generic cloud services to the public sector across Europe, the EC said. But one of its goals is to have publicly available offerings that meet EU regulatory standards and are competitive, open and secure, it said. The cloud is also needed as a platform for digital content, including mobile services, the EC said. Consumers should be able to legally access content away from home across Europe without losing access to services they paid for in any other EU member nation, it said. Flexible licensing agreements will give rights holders service innovation and create new revenue streams, it said.

The EC proposed three main actions. One is to hack through the standards maze that now allows vendors to lock in customers and hampers industrywide approaches. There will be no mandatory standards because the market is too immature, Kroes said. Standardization and certification actions for cloud computing are already under way at the U.S. National Institute for Standards and Technology and the European Telecommunications Standards Institute (ETSI), and more standards-setting initiatives will be needed. But the priority now is to use existing standards to create confidence in cloud computing, it said.

The EC wants ETSI to lead the way in identifying a map of the standards needed, such as for security and interoperability, it said. The EC will build trust in cloud services by recognizing at the EU level technical information and communication technologies specifications for protecting personal information, and work with Europe’s cybersecurity agency and others to come up with EU-wide voluntary certification systems by 2014. It will also address the environmental challenges of increased cloud use by agreeing with industry on harmonized metrics for cloud energy and water consumption and carbon emissions by 2014, it said.

The second action involves developing model terms for service-level agreements between cloud providers and professional cloud users, and proposing standardized contract terms and conditions for consumers and small firms who deal with cloud services, the EC said. Finally, it said, it will set up a European Cloud Partnership as an umbrella organization for national initiatives related to public procurement.

The strategy also calls for a “reinforced international dialogue on safe and seamless cross-border use” in areas such as trade, law enforcement and cybercrime. Many countries are starting to see the importance of cloud computing, so the EU must strengthen its collaboration with partners under the auspices of the World Trade Organization and the Organisation for Economic Co-operation and Development, it said.

Asked how the strategy might play with major U.S. cloud services providers, Kroes spokesman Ryan Heath told us: “Some might be annoyed, but this is going to massively grow their potential income so any extra effort will be well rewarded.” Europe has 500 million potential customers, and a large public sector that can be harnessed into a new market for American firms because no foreign contracting or ownership rules apply, he said.

Europe’s small business sector expects the EC to show leadership in creating a unified market for cloud services, said Association for Competitive Technology President Jonathan Zuck. The lack of a single market is hampering small and middle-sized enterprises in terms of security and privacy rules, he said. They need to exchange data with other SMEs and they want flexible rules that make moving to the cloud easier, he said.

The strategy is a “promising step forward” but raises several concerns, said the Software & Information Industry Association, which represents cloud computing businesses in the U.S. and elsewhere. Parts of the communication “go in a direction SIIA warned against” in a report to policymakers last year, treating cloud computing as a discrete entity that’s potentially subject to specific government regulation when it’s really a variety of evolving business and technical developments that are only roughly similar, SIIA Public Policy Vice President Mark MacCarthy wrote on the SIIA “digital discourse” blog (http://xrl.us/bnrnw7). The EC recognizes that fact, but then goes on to propose a series of regulations that can only be implemented effectively if there’s a reasonably precise legal definition of cloud computing, he said.

The plan “lacks the ambition to properly protect” consumers because it lets businesses choose whether to safeguard consumer rights and doesn’t deal with digital copyright and enforcement/redress issues, said European Consumers’ Organisation Director General Monique Goyens. Consumer protections can’t be lowered just because more content is being pushed to the cloud, she said.