EU data laws are latest threat to cloud

Rules to keep data in its country of origin contradict everything that makes cloud what it is

European data-sovereignty laws requiring international companies to keep data on customers in the customer's own country are not only causing headaches for database managers, they're holding back adoption of cloud computing in many large companies according to a story in GigaOm yesterday.

Corporate IT managers have been wary of European data-privacy laws since the early 2000s, when requirements designed to limit the degree to which corporations could move or exploit the personal data of customers came into vogue on the Continent.

More recently, fears of U.S. prosecutors subpoenaing private data on European customers in European countries has accelerated the priority of data sovereignty laws as well.

Of course, those fears are completely unfounded. U.S. officials would never assume they had jurisdiction extensive enough to subpoena or arrest foreign nationals on foreign soil on charges a company with no U.S. presence had broken some U.S. infosec law. (The MegaUpload case might blow the curve on that one; the Dept. of Justice indicted MegaUpload executives, had New Zealand police arrest them and impounded or copied all the Hong Kong-based company's data and servers. The premise on which all this was possible? MegaUpload's use of one data center on U.S. soil. )

Cloud fogs issues of privacy, sovereignty and geography

Newly restrictive data-sovereignty and privacy laws may be the work of European governments, but it's the multinationals that are shying away from cloud due to fears of inadvertent violations according to attendees interviewed by insightful GigaOm writer Barb Darrow at the Open Data Center Alliance conference in New York this week.

The ability to say for certain what country a bit of data resides in, make sure it stays within that country and act on it only according to laws that apply in that country is the biggest drawback to companies wanting to move all or part of their own IT infrastructure into the cloud, according to IT and security execs Darrow interviewed at the conference.

The whole point of the cloud is to make it possible for data-center managers to not worry about where a server or application or chunk of data is physically located. Cloud computing architectures make IT far more efficient because apps, data and computing power can all be made available where they're needed, regardless of location.

Not knowing for sure where to find a set of database records used to be a sign of incompetence or a major disaster within IT. With cloud – even private cloud networks built on the public cloud infrastructures of hosting and co-location companies – the inability to locate a database on a map is less important than the ability for critical applications to find that data when they need it.

Large companies are already struggling to adapt their own rules, processes and security concerns (many justified) to the fuzziness cloud brings to some issues are being further slowed by concerns they may be breaking the law of several countries by backing up servers in one data center to storage in another.

The only solution is to keep data-centers in every country in which a company operates. According to Andrew Stokes, chief scientist at Deutsche Bank Global Technology.

"Every geography has its own unique sector and laws," Darrow quoted Stokes as saying in his keynote. "We're in 75 countries; we need a superset of these regulations that make sense and that we can comply with."

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies