4th Jul 2022

Cloud providers warn against EU 'over-regulation'

  • Cloud is just a trendy name for external data centres (Photo: The Planet)

The EU should not attempt to "over-regulate" the constantly changing market of "cloud computing" - a buzz-word applied to a growing industry of outsourced data-storage centres and computing facilities that can cut costs for businesses and government bodies - a representative of the US telecommunication company AT&T told this website.

Be it governments or small start-ups keeping records online, school kids uploading homework to 'Google Docs' or gadget fans 'synchronising' smartphones with home computers - virtually every internet user can become a 'cloud' user without even knowing it.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

"The reality of cloud is that it has been there for a while, it's just the name that's new," said Karim Lesina, executive director at AT&T Europe.

A booming market expected to surpass €175 billion by 2020 compared to €29 billion last year, cloud computing is now on offer by a wide range of companies, including telecommunications providers such as AT&T, internet giants such as Amazon and Google or computer-maker Apple. But with this myriad of cloud providers come the problems of no longer having complete control over one's data and of new forms of exposure to data theft.

"People tend to look at cloud as a single one, but there are a lot of clouds, different levels of what the consumer can access, with enhanced security, depending on what each person desires," Lesina explained.

"The level of security is higher compared to what the average user is doing at home," he added, citing bad habits such as not keeping any back-up copies, ignoring anti-virus updates or keeping passwords in an unsecured document.

"The real fear everybody has in the sector is creating barriers in the development of the new systems. It's important not to over-legislate in a sector that is still developing. The European Commission has a tough role to find a compromise between ensuring a good level of privacy for the citizens and also promoting the development of cloud, which would increase competitiveness of European companies and reduce costs."

Lesina also warned against the temptation to introduce 'territorial' criteria in the draft law, obliging cloud providers to store data in a certain country. "That would be in our opinion one of the biggest potential problems," he said, noting that cloud computing is all about border-less services.

Cloud headache

Data location is intrinsically linked to the issue of jurisdiction - a major headache for EU legislators and companies alike.

Since data can be split and stored in multiple locations within and outside the EU, it would be unclear how inconsistencies among those jurisdictions would be resolved in case of abuse or a data breach, a recent report by the World Economic Forum says.

Government access to data stored in the cloud is also an issue, according to the Switzerland-based group.

"Governments worry about losing the legal ability to 'oversee' data in the cloud and apply their laws to the cloud. These concerns can result in data location constraints being imposed – for example, requiring cloud providers to locate data within national borders, or subjecting transfers of data outside a given jurisdiction to additional legal hurdles and authorizations," the forum adds in its paper.

It recommends that cloud providers keep their services as transparent as possible: "Providers of cloud services should make available to customers information about how their services are provided and how they perform. This includes letting customers know how data is secured, where data is stored and/or what jurisdictional provisions apply, how and by whom it can be accessed, and how it can be deleted."

Coming from a hacker who proved to one German hosting provider, Hetzner, how vulnerable its password security was, there is "no 100 percent guarantee against attacks."

Empty bank accounts no suprise

In an interview with Netzwelt, a German online magazine, Tobias Huch said that the best way to protect oneself is to have different passwords for email accounts and online banking services: "In most cases people have just one password, and even that one is not too secure. In that case one cannot wonder too much when one's account becomes empty one day."

According to European Commission spokesman Matthew Newman, cloud providers would fall even today under the legal obligation to protect personal data.

"European data protection legislation already obliges those businesses that process personal data to make sure that they have appropriate technical and organisational security measures in place, and makes them liable for any damage to individuals caused by not observing their obligations," he told this website.

An obligation to notify customers of data breaches will be put into law next year, he added.

"Frequent incidents of data security breaches risk undermining consumers' trust in the online economy. Companies should beef up their precautions against identity theft and better protect consumers' personal data. They should immediately notify breaches of data security and confidentiality," he said.

EU gets to grips with cloud computing

It is billed as being to this decade what the PCs were to the 1970s, a technological and societal leap that will change how businesses function, how cities are planned, how people carry out their work and what citizens expect from online services.

IT bugs haunt work of EU fraud busters

EU efforts to fight fraud have been hampered by bugs and delays in an €29m IT system meant to help manage investigations more efficiently.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.


The CPDP conference wants multidisciplinary digital future

During the Computers, Privacy and Data Protection (CPDP) conference, many high-level discussions will touch upon the dynamics of decision-making in the design of new technologies, including the importance of inclusion, diversity, and ethics perspectives within these processes.

EU Commission won't probe 'Pegasus' spyware abuse

The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  2. Nordic Council of MinistersNordic ministers write to EU about new food labelling
  3. Nordic Council of MinistersEmerging journalists from the Nordics and Canada report the facts of the climate crisis
  4. Council of the EUEU: new rules on corporate sustainability reporting
  5. Nordic Council of MinistersNordic ministers for culture: Protect Ukraine’s cultural heritage!
  6. Reuters InstituteDigital News Report 2022

Latest News

  1. Ex-Frontex chief 'uninvited' from parliament committee
  2. Czech presidency and key nuclear/gas vote This WEEK
  3. The human rights aspects of Grenoble's 'burkini' controversy
  4. Council must act on core of EU migration package
  5. Nato's Madrid summit — key takeaways
  6. Czech presidency to fortify EU embrace of Ukraine
  7. Covid-profiting super rich should fight hunger, says UN food chief
  8. EU pollution and cancer — it doesn't have to be this way

Join EUobserver

Support quality EU news

Join us