There’s a nice overview of cloud computing issues and positions from EurActiv. Here are some parts of it:
[…]
Rewriting data protection rules
The European Commission admits that its Data Protection Directive is outdated and is currently reading industry responses to a consultation before reviewing the law.
The current directive sets out guidelines for data controllers who process and handle the data. But the EU will need to tweak these definitions, as cloud computing allows the processing and handling of data to be carried out at a far-flung data centre if businesses so wish.
The current Data Protection Directive requires data to either be stored in the European Economic Area (EEA) or in a territory that has equivalent legal privacy laws.
As of September 2009, the Commission decided that Argentina, Australia, Canada, Switzerland, the Faroe Islands, Guernsey, the Isle of Man, Jersey and the United States had adequate protection for privacy.
[…]
Security and data privacy
Cloud computing has been described as putting all of your eggs in one basket. But if that basket gets hit, is everything lost? What if everyone’s personal data, bank account details, credit history, criminal records and tax payments moved to the cloud and got lost?
Regulators will need to act quickly as new research shows that clouds are not being upfront about the services they provide.
A study by the Queen Mary experts in London concludes that cloud business contracts sometimes waive responsibility for data storage or delete data if it not used for a while. Such contracts are usually difficult to understand as they sometimes amount to 60-page documents written in dense legalese. Many users, however, want the cloud precisely because they need to store data they no longer use but may well need in the future.
While essential security aspects are addressed by most tools, the cloud is potentially geographically vast and may need more prescriptive rules on data replication and distribution.
Customers are also concerned that they will no longer “own” their data, as they are not the de facto data handler if it is hovering in a cloud somewhere. This could also create difficulties in accessing data or in moving to another supplier.
In a recent survey, customers’ top concern was the security of their data in the cloud, followed by performance, privacy and cost.
The EU’s ePrivacy Directive, which was updated in 2009, created data breach notifications whereby any communications provider or Internet service provider (ISP) must inform individuals about data breaches of their personal information.
Germany, which is recent years has seen a dramatic increase in data breaches, revised its data protection rules to go beyond the EU regulation.
To try and smooth over legal discrepancies, the industry suggests that a worldwide agreement could be found under World Trade Organisation (WTO) rules for online services and software.
Read more on EurActiv