European Commission: Data Location Should Not be of Importance in the Cloud

You shouldn't care where data the is as long as it is secure and meets regulatory requirements, so now the question is how to ensure that - how to make sure that when we use cloud resources, personal data does meet those requirements

The physical location of sensitive and personal data should not matter, as long as that data is secure, according to the acting Deputy Director General of Information Society and Media for the European Commission.

"The cloud does not stop at national boundaries" said Megan Richards, speaking at the Cloud Computing World Forum conference in London today. By its nature, cloud computing requires data to be portable, which in itself requires a flexible regulatory framework. 

Richards said that, while the European Commission is working towards this target, there are many international issues at stake, including jurisdiction, liability and data portability. However, she said that it was essential to ensure that the market in Europe is open.

"You shouldn't care where data the is as long as it is secure and meets regulatory requirements, so now the question is how to ensure that - how to make sure that when we use cloud resources, personal data does meet those requirements," Richards told Techworld.

She added that new data protection legislation is currently passing through the European Parliament, as part of its European Cloud Computing Strategy, which will aim to address these issues. The proposals will be finalised within the next year come into effect within the next two and a half years.

Speaking to Techworld earlier this year, Saleforce.com's VP and Head of Platform Research Peter Coffee asserted that the requirement for certain data to remain in certain countries is an artefact of outdated regulation. 

"Data protection regulations based on physical location don't make any sense. Clearly encrypted data with badly managed access privileges is dangerous no matter where it is, and well encrypted data with rigorous privilege management and strong mechanisms for auditing how privileges are used is safe," said Coffee.

"I could put an unencrypted hard drive mid-field in Wembley Stadium and be compliant, while the same data rigorously encrypted, but in Palo Alto, California, would be considered a grave threat."

Richards added that the cloud computing has great potential for driving growth and creating jobs in Europe, with the five largest EU economies alone having the potential to generate over 700 billion of economic benefit over the next five years - representing 1.5% of the total cumulative GDP of those countries.

Despite this, spending on cloud is still limited to about 1.6% of EU enterprises' total IT budgets, with about 3.5 billion spent on cloud-specific software and 1.1 billion on hardware. However, Richards said that this is changing fast, with cloud services market expected to reach 11 billion in revenue by 2014, representing 3.6% of the total IT market.