European Parliament study looks at security and suggests European clouds
A recent study titled “Fighting cyber crime and protecting privacy in the cloud” conducted for the European Parliament deals with cloud security. Currently, the EU framework on cloud computing in relation to cyber crime lacks a clear sense of direction, priorities and practical coordination. The study thus strongly underlines that the challenge of privacy in a cloud context is underestimated, if not ignored.
The study addresses the challenges raised by the growing reliance on cloud computing. It starts by investigating the issues at stake and explores how the EU is addressing the identified concerns. The study then examines the legal aspects in relation to the right to data protection, the issues of jurisdiction, responsibility and regulation of data transfers to third countries. These questions have been neglected in EU policies and strategies, despite very strong implications on EU data sovereignty and the protection of citizens’ rights.
The study recommends several steps. It states that “in the area of cloud computing, it is high time that the EU clarifies what it is that EU bodies should be predominantly concerned with in the first place.” Another suggestion is that the EU needs an industrial policy for autonomous capacity in Cloud computing. The DG INFSO Communication of October 2012 is on this matter not in tune with the challenges analysed in this study. They suggest that a target that by 2020, 50% of EU public services should be running on Cloud infrastructure solely under EU jurisdictional control.