Cloud Computing May Open Up Firms To Hundreds Of Millions In Fines Under EU Laws
One of the major attractions of cloud computing is its universal accessibility; in essence, it is computing without borders. However, the world is divided into distinct countries, and with that come different rules and regulations. Consequently, this can and does give rise to different problems (see: Computing Without Borders – What Works, What Doesn’t).
While it is true that American companies rule the roost as far as provision and consumption of cloud computing services are concerned, it’s also an established fact that there exists a huge market outside the borders of the United States. From the emerging markets in Asia–Pacific, to the developed nations of Europe, cloud computing has a lot of potential to change how IT is deployed. And these nations can be very protective of the access they grant to American government and judicial officials as regards proprietary and confidential information as mentioned in the Patriot Act (see: Is Cloud Computing a Threat to Consumer Rights?).
Such conflicts of views have had some serious repercussions. From an Australian cloud computing firm advertising its services as being immune to searches under the Patriot Act unlike its American counterparts such as Amazon (see: Your Data in Australia is subject to the US Patriot Act), to UK defense contractor BAE Systems abandoning plans to adopt Microsoft’s Office 365 cloud-based productivity platform (see: European Firm Refuses To Go On the Microsoft Cloud Due to Patriot Act Concerns), American cloud providers have been on the losing end.
Now, there’s an added risk that cloud computing consumers might face under proposed European Union data protection rules – humongous fines. This can further discourage them from signing contracts with American companies. According to Vinod Bange, partner at top London law firm Taylor Wessing, these new laws can substantially increase a company’s risks in going onto the cloud.
“Regulatory sanctions have gone way off the scale in terms of what we are used to right now. The sting in the tail, which did not exist before, is that there is a provision to calculate a fine that is based on a percentage of annual global turnover. That’s big news and a big change,” he said. As a perusal of the proposed legislation, not expected to be adopted (if at all) until 2014, shows, this is no idle threat, with firms being threatened by the following:
Fines for non-compliance:
Tier 1 – €250,000 ($333,325) or 0.5% of global annual turnover
Tier 2 – €500,000 ($666,650) or 1% of global annual turnover
Tier 3 – €1 million ($1.33 million) or 2% of global annual turnover
Tier 3 offences include breaches that relate to international data transfers, a likely possibility when data centers are spread across the globe.
While the U.S. government is justified, in the aftermath of 9/11, in seeking as much information as possible, European nations also have a valid concern as regards the privacy of their citizens and companies. This conflict of interests is indeed a serious matter and one that cannot be resolved in the absence of high-powered discussions between the two parties.
By Sourya Biswas