We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

The Connected Web

Phil Wainewright

Data Protectionism Threatens the Cloud

user-pic
Vote 0 Votes

One of the things I worry about, as someone who makes their living in the cloud, is protectionism. By its very nature, the cloud is a global phenomenon, both in terms of its audience reach, and also in terms of commerce (it's possible to set up website almost anywhere in the world and starting earning income from running Google ads, selling Amazon stock or offering goods on eBay). But if current economic woes lead national governments to bring in import controls and restrictions on the international flow of money, Web commerce will be severely curtailed.

Another threat to free trade in the cloud comes from laws on data privacy and intellectual property. I listened with interest to a panel discussion at last week's Powered by Cloud conference in London and heard some disturbing stories about the interaction between national laws and global cloud activity. This is of particular concern to both cloud providers and consumers, whether of cloud infrastructure or applications. National laws have an often unexpected impact on where data can be stored, and that's in direct conflict with the 'black box' nature of cloud computing, in which the philosophy of loose coupling dictates that a consumer of cloud services shouldn't really care what happens on the other side of the service interface, so long as the service contract is satisfied. National laws dictate otherwise (unless the service contract itself is capable of reliably assuring compliance with policies on the geographical location of data — not as easy to implement technically as you might think at first).

Paul Massey, an associate and member of the intellectual property and technology team at law firm K&L Gates, noted that while laws agreed by the European Union are supposed to be consistent, they are implemented by national governments and courts and therefore in practice the implementation varies in each jurisdiction. I suspect that in most cases the differences are not material, but it does increase the risk and the cost of legal advice for anyone hoping to provide services across borders within and beyond Europe (which of course is one of the supposed benefits of being a cloud provider).

One important obligation on any business operating within the EU is a continuing responsibility to ensure the security and privacy of data transferred elsewhere (privacy is, quite rightly, enshrined as a human right in EU law, so is taken very seriously by the courts). This obligation significantly complicates matters for anyone who wants to take advantage of offshore cloud providers for reasons of cost, spare capacity or failover. It has already led Amazon Web Services to offer both storage and processing in European data centers — as a premium option. The side-effect (because it's not reciprocal — US citizens don't have the same right to privacy) is a form of data protectionism.

Giving another example of how national jurisdictions impinge on cloud operations, Miranda Mowbray of HP Labs told the story of Tour and Marketing International of Spain, whose website sold vacations on the island of Cuba to Europeans (not to US citizens, who were barred from doing business with it). The only trouble was, its .com web domain was hosted with a US company, which when contacted by the US government on the grounds that it was doing business indirectly with Cuba, summarily shut down the domain, thus closing the tour operator's website.

So far, these are examples of how national jurisdictions coincidentally happen to restrict commercial freedom in the cloud, and in both the cases I've cited, one can argue very sound reasons for those restrictions. But is it inconceivable that a government might begin to implement further restrictions in the full knowledge that they will prevent 'foreign' clouds providing business services within their borders? That's the sort of economically motivated, politically driven data protectionism I worry about, and which I hope won't emerge.

1 Comment

Phil

Here's another way government intrudes on the cloud model- taxation rights. Are the taxes due in the jurisdiction of the corporate HQ entity or where the data center is? What if the vendor leverages cloud storage?

The issue gets complex and if we know anything about government- local, state or national - they want their piece of the tax action.

Phil Wainewright blogs about how businesses are using the Web to get better plugged into today's fast-moving, digital economy.

Phil Wainewright

Phil Wainewright specializes in on-demand services View more

Recently Commented On

Recent Webinars

    Categories

    Monthly Archives

    Blogs

    ADVERTISEMENT