Cloud computing is a platform for collaboration and effective resource management with the potential to enable performance and efficiency gains for companies and governments across the globe. The unbridled growth of this market, however, is now threatened by the actions of a number of nations favoring the adoption of domestically- or regionally-based cloud solutions. These efforts insulate the growth of domestic companies from a global cloud market dominated by tech giants such as Microsoft and Amazon, but are in larger part a reflection of the growing gap between rapidly changing technologies and existing standards for data privacy, security, and sovereignty, across the globe. For governments, these market-restricting decisions are an acceptable trade-off, reflecting the need to balance trade with national security concerns. But for small and medium-sized enterprises (SMEs), the lifeblood of many economies, market restrictions could stifle the potential innovation and efficiency gained by access to an open, competitive market.
Over the last year, a number of nations have begun to invest in domestic cloud solutions and limit the locations of cloud providers through contract restrictions and regulation. While these efforts undoubtedly boost local economic growth, they are also a direct consequence of mismatching data privacy, security, and sovereignty standards. For countries outside of the United States, chief among these points of misalignment are provisions of the U.S. Patriot Act. The Patriot Act allows the U.S. government to access data about foreigners if the data is stored by U.S. companies, no matter the location of the data. This conflicts with privacy guarantees made by the European Union (EU), where an individual’s right to consent to the release of his or her data is protected.
In France and Germany, state intervention in the cloud market is beginning to take hold. In November 2011, the French government established a venture with European-based companies Thales and Orange to offer a cloud-based infrastructure-as-a-service (IaaS) solution, dubbed Andromède, which will service France’s defense, health, and aerospace industries and spur job creation. Thales and Orange have emphasized the trustworthiness of their service as a French cloud provider and promoted Andromède to the rest of Europe as a means of bolstering the enforcement of data protection laws.[i] In Germany, government investment in telecommunications corporation Deutsche-Telekom may soon be complemented by rules limiting the location for certain types of cloud user data to Germany or the EU.[ii]
While mismatching privacy laws are of little consequence to government and other heavily-regulated industries (the U.S. government, for example, routinely enforces location restrictions for service providers), they negatively affect the private sector. Broad market restrictions act to the greater detriment of the economy because they limit competition to local players and stifle internationally-derived opportunities for maximizing cloud capabilities and performance. In the long term, the limitation of cloud choices may preclude SME owners from accessing the broadest spectrum of innovative cloud service offerings and thus lead them to run their businesses less effectively than they might have otherwise.
Recent restrictive investment and regulatory decisions governing the use of cloud solutions are uniquely products of the digital age. Globally-recognized standards for data privacy and security have failed to keep pace with innovation, and clear data sovereignty guidelines for the cloud do not yet exist. To promote digital trade and enhance market certainty, governments must work together to develop a coordinated, flexible approach to better align privacy and security frameworks and establish mutually respected rules governing data sovereignty. The potential for cloud to spark performance and efficiency gains depends on it.
[i] See http://www.zdnet.fr/actualites/cloud-andromede-orange-et-thales-se-felicitent-et-se-disent-prets-a-demarrer-39770969.htm and http://www.bloomberg.com/news/2012-01-17/europe-won-t-let-u-s-dominate-cloud-with-rules-to-curb-hp-tech.html.