EU data protection law to officially allow cloud computing

July 2, 2012

Critics and consumers rife with concern over how cloud computing could work under the European Union Data Protection Initiative can rest a little easier. According to the New York Times, the privacy panel of the European Commission is expected to give its endorsement to the cloud as "legal" under continental privacy law.

By endorsing the technology, the commission can assuage some of the worries over data security in cloud computing that appear to have overrun much of the European IT landscape.
According to IDC, Europe lags far behind North America in terms of its deployment of cloud technologies. While the North American market spends $17.4 billion - good for 62 percent of the worldwide market - on cloud computing, Europe, the Middle East and Africa combined to spend less than half of that, totalling $7 billion.

Insuring the cloud
Growing concerns over data protection and cybersecurity in general motivated that European Network and Information Security Agency (ENISA) to advocate for mandatory cyber insurance for most firms. Insurance would help mitigate any unintended damage associated with strict data breach notification laws that are being proposed.

Insuring companies that use cloud computing - a number that looks to go up after the EC endorsement - could prove difficult, according to the Financial Times. Most data protection policies generally relate to hacking.

Insurance companies don't typically offer policies covering the cloud, according to the Times, because providers struggle to wrap their heads around the associated risks. It does not necessarily mean that cloud data security is actually any worse than legacy systems, just that quantifying the risk of the technology is too difficult.

Non-binding policy
Although the cloud computing report to be issued by the EC privacy panel will serve as a series of recommendations for the 27 EU member states, it is not binding in terms of national law.

According to the New York Times, analysts hope that it will instead serve to relieve the "lingering unease" associated with cloud computing data security.

Among the recommendations include some to deal with the data location issue central to the earlier EU data protection initiative. Others deal with data retention and provider transparency.
"I am hoping that the recommendations will allow people to take advantage of the technology that is out there is a controlled way," said a vice president at a data protection company based in the United States. "Some of the regulations being discussed in Europe are actually pretty progressive and could give the business model a push forward there, as well as in the States."

-McAfee Cloud Security