Cloud computing is a new model of computing involving a large number of computers connected through a real-time communication network. Instead of using a local server or a personal computer, this network of remote servers hosted on the internet is used to store, manage, and process data.

Clouds are used differently by different users. Ultimately, however, it involves individuals, businesses and governments moving their data storage and processing into remote data centres. Centralising data storage and processing enables the convenient sharing of data and enhances the ability of users to collaborate and share documents. This means that users can command almost unlimited computing power on demand, do not have to make IT capital investments and can get to their data from anywhere with an internet connection. While cloud computing can bring substantial benefits, new challenges have arisen particularly in the area of data security. The biggest perceived risks of cloud computing are lack of privacy, data confidentiality and an increased risk of data interception given that data is stored on a common cloud infrastructure.

Yet, as part of its digital agenda for Europe, the EU is progressing the concept of cloud computing and the EU Commission issued a communication highlighting the economic potential of cloud computing as a result of which consumers, business and public administrations stand to gain. The Commission identifies the benefits of cloud computing for consumers who can use cloud services to store information and to use software; public administrations that can use cloud services to successively replace internally run data centres and information and communication technology departments; and companies that can use cloud services instead of investing in and building physical infrastructures.

In conclusion, the Commission considers that the substantial efficiency improvements across the whole economy outweigh the risks and challenges associated with cloud computing, and aims at creating a public cloud that meets European standards. Recognising the economic potential of cloud computing, the EU is set on promoting the rapid adoption of cloud computing in all sectors of the economy.

Backing the Commission’s cloud computing strategy, the European Parliament recently adopted a non-binding Resolution on the development of cloud computing regulations for the EU. In Parliament’s view, the standards to be set must be such as to enable a high degree of interoperability between cloud services in order to increase competitiveness. The Resolution also suggests that the European Network and Information Security Agency provides minimum standards for cloud services. The Resolution covers also issues surrounding the transfer of data between cloud computing providers and points out that greater IT skills and training are needed to fully realise the cloud’s potential.

In addition, the Resolution calls for better data protection of cloud services, and the protection of cloud users. It lays out the Parliament’s view that measures to raise user awareness of risks to their privacy are to be introduced, while encryption and security technologies are to be improved. The Parliament is proposing that cloud providers will have the status of data controllers, as a result of which they will have liability in relation to data protection obligations.

The Resolution places a high degree of emphasis on the protection of consumers. The EU Parliament calls upon the Commission to explore consumer rights protection and ensure that consumers are provided with the information necessary to make an educated decision. This is particularly important given that a customer may not have any knowledge of where its data is stored or processed. Services may be sold to a customer in one jurisdiction, but its data may be stored at one or more locations in the same or other jurisdictions. The Parliament suggests the introduction of guidelines to ensure that consumers’ EU fundamental rights are protected. In a bid to prevent member state institutions snooping data, the Commission has been directed to set limitative conditions under which cloud data may or may not be accessed for law enforcement purposes.

Intellectual property is another aspect touched upon in the Resolution. The Parliament recognises the complexity surrounding the protection of intellectual property rights in this area. Because IPRs are generally territorial and cloud computing involves the storage of data in a cloud rather than locally, it is unclear in many instances what intellectual property laws will apply in the cloud computing environment. Furthermore, it is unclear whether cloud storage service providers can be held liable for copyright infringement. For this reason, the Parliament has requested the Commission to address the IPR issues regarding cloud computing and, specifically, to establish clear laws to cover copyright within the cloud such that rights holders enjoy fair compensation for the use of their work within the cloud.

It is a long way ahead before the EU will, in the Parliament’s view, realise the full potential of cloud computing as a substantial range of obstacles have to be first overcome. In spite of this, this ‘new’ technology is rapidly maturing and moving from novelty to commodity.

Josette Grech is adviser on EU law at Guido de Marco & Associates.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.