Most people wouldn’t include the European Union on a list of growth drivers for the ICT sector. And with good reason if the EU’s recently-announced policy approach to cloud computing is anything to go by.
In the past, the EU has been less a facilitator and more a barrier to adoption of cloud computing. This is because the ubiquity of cloud computing is threatened by the need to comply with the EU’s rules on data privacy and transfer. But, in a recent communication, the European Commission has said it aims to “unleash the potential of cloud computing in Europe”.
Unfortunately, the Commission seems to believe that the way to promote the growth of cloud computing is to regulate it. In doing so it has missed the opportunity to do something meaningful for companies seeking to implement cloud services across their organisations by reducing the data privacy burden.
The communication sets out a road map for the growth of cloud computing in Europe and proposes a regulatory agenda. The Commission wants more clarity about the applicable legal framework; to make it easier to verify compliance with the legal framework through better standards and the use of certification; and to develop a legislative initiative on cybersecurity.
The Commission proposes key actions designed to address what it sees as market fragmentation, problems with contracts and lack of standardisation. It highlights a “jungle” of standards that generate uncertainty as to interoperability and portability of data. It believes a wider use of certification and standardised contract terms will accelerate the adoption of cloud solutions.
In practice, the absence of these things hasn’t impeded the development of the cloud market. It’s also questionable how far any certification scheme can go if it’s voluntary. But the alternative – a mandatory scheme – would be much worse.
The Commission does at least acknowledge that data protection barriers could impede the adoption of cloud computing. Those barriers include the existence of 27 partly diverging national legal frameworks and restrictions on sending personal data outside the European Economic Area. But the Commission has not announced plans to change the rules to fit with the take-up of location-agnostic cloud services.
The cloud market is growing strongly in Europe, and the ICT industry doesn’t need the actions that the Commission proposes. Regulation, certification and contractual limitations are more likely to slow down than speed up the implementation of cloud.