The notion that governmental access is similar in the European Union and the United States was validated on the political level this week by Megan Richards, EU Commission Acting Deputy Director General for Information Society and Media. Speaking at the Cloud Computing World Forum in London, Ms. Richards asserted that, “theoretically, it shouldn’t matter where data is held as long as our rules apply…the legislation in the US is not so different from the legislation we have in the EU.”
Interestingly, the use of US infrastructure for European Cloud Services is lamented in some European quarters. Critics ultimately question whether data protection measures, especially those restricting governmental access to data, are adequately established in the US. As discussed below, doubts about US legal frameworks are often based on “misconceptions [which] encourage speculation that governmental access to data stored in the cloud is more likely in some places than in others.”
In the meantime, Europe’s goal to support a speedy uptake of Cloud Computing, including the development of Cloud infrastructure in Europe is under way. The Commission’s “European Cloud Strategy,” which is set to be released this summer by DG Information Society and Media (soon to become DG Communications Networks, Content and Technology), aims “to ensure that Europe becomes not just Cloud-friendly, but Cloud–active.” European critics of the US approach assume that the cloud strategy will mean more Cloud infrastructure in Europe.
European Commission Vice-President Neelie Kroes (who is leading the initiative) has however informed stakeholders that Europe’s Cloud Strategy is “not about building a European super-Cloud,” and that “Cloud business models…should be determined by efficiency considerations in the market.” “Market Based considerations” could justify a continued reliance on US based infrastructure for European Cloud Services, because many major Cloud databases are already established in the US.
FPF’s Christ Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Hogan Lovell’s Paris Office partner, Winston Maxwell, recently released a white paper on governmental access to data in the Cloud. The white paper “debunks faulty assumption that US access is unique” with an expository survey comparing governmental data access laws in ten countries (including some EU member states) as well as governmental authorities’ ability to access data stored in databases outside their jurisdiction through the use of Mutual Legal Assistance Treaties.
It will be interesting to see how an honest analysis of governmental access regimes across jurisdictions could affect the European Cloud Strategy and create the potential for a continued reliance on US based infrastructure for European Cloud services.