The Dangers Of European Clouds

The Dangers of European Clouds

A recent study by ITIL just predicted that the US cloud industry stands to lose $21.5 – $35 billion over the next few years related to loss of market share due to PRISM. Is the marketing arm of US cloud providers on vacation?

Europeans (including residents of the UK and other parts of the world) have been justifiably outraged by the revelations of Edward Snowden about the US’ data mining of non-citizen information. Maybe. The truth is that most European governments can access their citizens’ data when held in country with far less due process than the US requires. Further, the US press hasn’t bothered to report much about the fact that the GCHQ (Britain’s version of the NSA; its motto: “Keeping our society safe and successful in the Internet age”) has their own version of PRISM: Tempora. With the secret cooperation of BT, Vodafone, Verizon, Global Crossing, Level 3, Viatel and Interoute, GCHQ gets details of telephone calls, emails, FaceBook posts and other online traffic by monitoring undersea fiber-optic cables – the ones that make up an enormous share of the backbone of the Internet.

So, excuse me for laughing at the hyperbole around the dangers of US cloud providers because of PRISM. The proposed solutions from abroad are even worse. Fears of US government surveillance have sprouted such nonsense as a UK-only cloud or legislation restricting EU members from using foreign clouds.

Me thinks there is more behind the proposed isolationism than data privacy. The US absolutely dominates cloud computing. I don’t know why really, but I can make some guesses. One would be the relative strength of the US economy versus Europe in the last ten years when cloud computing has mushroomed. I have another theory that is related to privacy. The reality is that the US has lax privacy laws and the EU has restrictive privacy laws that don’t play well in a cloud environment. It’s normal for the law to lag behind technology, but in this case, the US’ dearth of regulation has allowed the cloud industry to develop relatively unhindered. Europe’s privacy laws from the nineties don’t help.

While both US and European cloud providers serving EU residents need to comply with EU law, in my experience many US providers don’t bother. I blame that on ignorance and arrogance. As many lawyers as we have in the US, cloud providers just don’t think they have to worry too much about legal requirements. And if they stay within our borders and don’t handle financial or health related data, they don’t have much to think about. So, why not allow users from other countries? The US doesn’t regulate transborder data flows.

I’m not advocating for PRISM or Tempora (or the next secret government program that will be revealed). Nor do I believe all privacy laws are useless. But so far, there has been a major disconnect between what cloud users expect, believe and actually get related to privacy – whether their data is in the cavalier US or the tight-lipped EU.

By Cindy Wolf

Cindy Wolf

Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in helping companies enter the cloud safely, either as providers or users. She also practices in the areas of corporate law and commercial contracting, with an emphasis on international issues. She can be reached at

(*Note - This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author...)

Latest posts by Cindy Wolf (see all)

5 Responses to The Dangers Of European Clouds

  1. Thanks for the informative post Cindy – I do think it’s striking how little us Europeans seem to know about our domestic surveillance programmes.
    On the overall subject of cloud security, I would also note that public cloud platforms are often going to be safer than on-premises equivalents because the big providers have the resources (both in terms of hardware/software and personnel) to stay ahead of attackers. Of course, these big providers are overwhelmingly US-based.

  2. My apologies, readers. I gave the wrong name for the organization which did the study on the costs of PRISM to the US cloud industry. It is ITIF – The Information Technology & Innovation Foundation, not ITIL. Cindy Wolf

  3. Interesting that there’s not more press about this — especially from the U.S. side, where the negative spin can be damaging for businesses. Still, regardless of where one lives on the globe the idea of being spied on is unsettling. Those of us who lead pretty simple lives are paying for the actions of a few bad apples.

  4. Basically, you’re saying no cloud, nowhere is going to offer significantly more privacy and security than the US providers. I don’t agree with commenter HH that public clouds are safer than on-premises private clouds like the Cloudlocker. In the US, the law says after 180 days you lose the “expectation of privacy” for files stored in public clouds.
    Also, the big providers like Dropbox, Google, Apple, etc., disclose in their T&Cs that they look through your files, but they say it’s only to find “better ways to serve” their customers, i.e., they’re looking for faster ways to get more money out of your wallet. And they share this info with their affiliates and sell it to others.
    One more thing about public clouds. What goes up doesn’t comes down. You can’t obliterate all traces of any file you ever uploaded. They keep backup copies forever. It’s not clear who can look at these with our without telling you or getting your permission. You can delete your files from Dropbox, you can close your account, but Dropbox, or whoever, will always have backups that NSA or whoever can look at. None of this happens when you keep everything in a private cloud, and the Cloudlocker is a good example. When all your stuff is in your house, they still need a warrant and probable cause that you’re a bad guy. That’s the way it used to be. That’s the way it’s supposed to be. I think private clouds will eventually supplant all the giant public cloud services for this one simple reason.

  5. No arguments here about the lack of privacy in the public cloud. No one bothers to read the terms of service that clearly don’t give the customer an expectation of privacy.
    Perhaps someone more technical than me can explain , however, whether public vs. private really matters as long as the data is being transmitted over the Internet? The GCHQ data gathering is at the transmission level – undersea fiber-optics. It appears that the NSA is also after encryption codes considering the latest news about Lavabit’s shutdown (just my speculation) and the US has strict export rules around types of encryption anyway. When an Internet transmission is broken into packets and sent via multiple pathways, how do you know it hasn’t passed a government collection point on the way to a private cloud? Thanks for sharing your expertise.

PaaS And IaaS: Rising Champions Of Cloud Computing

PaaS And IaaS: Rising Champions Of Cloud Computing

PaaS and IaaS: Rising Champions of Cloud Computing In the cloud conversation, Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) appear much less than the famed Software as a Service (SaaS). This is not surprising when you consider that a world already populated with built platforms and infrastructure has but to operate…

Cloud Computing and Social Networks

Cloud Computing and Social Networks

Pushing Innovation With Social Networks There was a time when storage space was a precious commodity. A few videos and photographs and the system would be gasping for breath in old PCs’ limited storage space. 10 Years ago, today’s top social networking sites would have broken down under the burden of the heavily visual traffic…

The Education Revolution: Cloud In The Classroom

The Education Revolution: Cloud In The Classroom

The Education Revolution: Cloud In The Classroom With the back-to-school season now upon us, parents, students and teachers everywhere are once again struggling with the perpetual challenge of making kids job-ready in a high-speed and fast-changing environment. There is little doubt in anyone’s mind that information technology plays a central role in all areas of life…

Cloud Infographic: Disaster Recovery

Cloud Infographic: Disaster Recovery

Cloud Infographic: Disaster Recovery  Business downtime can be detrimental without a proper disaster recovery plan in place. Only 6% of businesses that experience downtime without a plan will survive long term. Less than half of all businesses that experience a disaster are likely to reopen their doors. There are many causes of data loss and…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future of Work: What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at…



Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100

Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.


CloudTweaks Media
Phone: 1 (212) 763-0021