Kafka in the Clouds
(with thanks to WebWereld.nl) The EU is implementing the new “Data Protection Regulation” DPR. And that was necessary because the old one, the Data Protection Directive DPD only gave, well, direction to the 22 countries of the EU to define their own policy on privacy etc with respect to digital data. That resulted in a confusing diversity where for instance companies with offices in several countries had to constantly upgrade their local policies and multiple compliance efforts. The DPR has now streamlined this and also is much more outspoken about what data can be showed to others and what not. If companies do violate these rules they will be legally fined by the EU.
Well that looks clear but here companies run into conflicts with the USA. The American Patriot Act for instance can order American companies, even if the datacenters in question are located in Europe, to give the US govt access to certain data. If they fail to comply these companies, like cloud service providers Amazon, Google, Microsoft; they will be prosecuted.
So the cloud service providers will be fined by the EU when they hand over the data and by the USA when they don’t. This is pure Kafka situation, which makes clients of cloudproviders uncertain.
The situation is complicated by the fact that based on the FISA, the Foreign Intelligence Surveillance Act, the cloud providers are forbidden to inform their clients about a request to inspect their data.
Normal procedure in Europe, which is often specified in data service contracts, is that data can only be given to for instance law enforcement officers when a formal court order is presented and communicated with the client. My guess is that what looks like a clash between two governing bodies, one based on national security to defend against terrorism, and the other based on clear regulation about what is private data and what is public data, in reality is a clash about sovereignty and about Intellectual Property rights. For instance laboratory data of research groups in universities or companies will want to share their work with other groups to cooperate by using a cloud service. If an invention is made such data, clearly owned by the research group is valuable to apply for patents or to publish it first. What guarantees can the Cloud suppliers give that such discovery does not leak away to the competition somewhere else on the planet, under the blessing of “serving national interests”?
This uncertainty is an obstacle to legal cooperation and wealth creation by using data networks and cloud services. Is the War on Terror colonising and segmenting the whole world? In that case the terrorists achieved their aim.