Technical excellence - caring for your business

Arjan de Jong

Subscribe to Arjan de Jong: eMailAlertsEmail Alerts
Get Arjan de Jong via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

European cloud: the status of the hype

Recently, we were bombarded with the ominous message that the “European cloud” is actually a sham. This statement was especially put forward in response to questions surrounding the introduction of Microsoft’s cloud service Office 365, on which occasion Managing Director Microsoft UK Gordon Frazer had to recognize that even information in European clouds is not always safe for American ‘searches’.

The idea that data is safer at Microsoft or Amazon because, unlike Google, they have a special ‘European cloud’ has thus turned into an illusion. Simply because also these companies can be forced to share the data they host in Europe with the American authorities and secret services. Imagine, if you will, an organization such as Rackspace. This hosting company recently opened a datacenter in the U.K. that they set up especially for the European cloud. A waste of time and money?

Fortunately, it is not as straight forward as it looks at first sight. The reason why companies such as Microsoft and Amazon can be forced to hand over their data is the fact that these companies’ headquarters are located in the United States. Therefore, they must adhere to U.S. claims, rulings, the Patriot Act and act upon the requests of U.S. intelligence agencies. Whether the data is hosted in Europe is absolutely irrelevant in this matter. Case closed. Or is it…?

Apparently not… A Microsoft spokesperson in Brussels seems to have claimed that any company that has an office in the U.S. is obligated by law to respond to a legitimate request from the U.S. government for information. According to this person, this applies to every situation. Again, regardless of where the data is stored and whether there are other, conflicting legal obligations in the country where the data is stored.

And then there’s an interesting legal interpretation of the incident, for example the version which an employee of a renowned Dutch agency  has posted. The author of the article states that he would not be surprised if the European Commission would indicate that the use of cloud solutions for processing sensitive personal data involves (too) many risks. He based his opinion in particular on the questions that Sophie in ‘t Veld, Dutch member of European of the Parliament’s civil liberties committee, posed.  More specifically: “Does the Commission consider that the U.S. Patriot Act [thus] effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?”.

I would like to comment on all three points. Let me start with the assertion of the Microsoft spokesperson in Brussels, which I can counter with great certainty by saying that the relevant journalist has simply misinterpreted the spokesperson’s story. It’s not about companies who have an office in the U.S. but about companies whose headquarters are located in the US.  Jitscale has an office in Florida, but our European clients know and trust us among other things because of the fact that we put their data in the European clouds that are NOT American owned. Moreover, we look at our client’s business requirements first. If these requirements – or specific rule and / or laws for that matter – dictate that privacy-sensitive data must be stored in a certain way or location, we simply adjust the infrastructural design, for example by storing the data in a local data center or cloud. “EU Outraged Over Cloud Data Access by US Patriot Act”  is a title that certainly does not apply to our customers. And with that I’ve basically also commented on the first point; an European cloud does exist! And it is simply being exploited by providers with an European headquarter.

And then my response to point three, the legal part. However legitimate the lawyer’s conclusion may be from his legal view point, I sincerely hope he is blatantly wrong. And I’m not the only one, I’m sure. I would be very disappointed if the European Commission would convey to its inhabitants that using a cloud for processing and storing personal data is risky. We are all just getting used to the idea that the cloud offers many benefits. Provided that it is managed well, that goes without saying. But everyone knows by now that the cloud, in comparison with physical infrastructure, is cheaper, scalable, future-proof, redundant where necessary, and therefore safe, flexible, and so on.

I surely understand Ms. In het Veld’s reasons to raise the problem of data protection that exist between Europe and the U.S. But please let’s tackle the problems where they actually occur. In my opinion Ms. In het Veld rightly states that Europe should introduce clear rules and agreements with the Americans as soon as possible, as American laws increasingly seem to apply to European territory.

But Ms. In het Veld rightly didn’t question the merits of cloud computing itself. If well managed, with the specialist knowledge available today, there is nothing to worry about. Especially if the provider has its headquarters in Europe. The entire discussion should be about responsibilities, rights and obligations associated with data management and traffic. Not about how data management and traffic are achieved.

Read the original blog entry...

More Stories By Arjan de Jong

Arjan de Jong is Sales & Marketing Manager of Basefarm and has been working in the Internet industry since 1997.