A grave threat is said to be stalking Europe. No, it isn’t the financial crisis and the potential demise of the euro. It’s the “rapacious” U.S. approach to privacy — which portends, for those engaged in the development of cloud architecture, a coming “clash” of privacy laws.
According to Viviane Reding, the European Union’s justice commissioner, cloud-based companies that collect personal data are violating fundamental human rights. “We . . .believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market,” Reding wrote in November. “This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a ‘cloud.’ . . .
Simply put, the fundamental question about international Internet governance over the next decade is going to be whose law dictates control — and the Europeans are making a bold play to say that the answer is “Europe’s.”
This raises a challenge for the private sector and for governments: When the user is a private-sector company, the transition to cloud storage and processing services will create difficult questions over jurisdiction. Imagine you are a company, seeking to do business in Europe. What if a country outside of Europe — say, the one(s) where your servers are maintained — contends that its law also governs, and that law is inconsistent with Europe’s? And what about the law of the home country (say, the United States), where the data-storage provider is headquartered? The conflict of applicable laws will create great uncertainty; uncertainty breeds hesitancy and the loss of entrepreneurial vibrancy. In other words, conflicting legal and technical requirements have the potential to crush innovation.