Tune into: International data transfers
Travel broadens the mind, but data that travels too far can be stolen or snooped upon by foreign powers and that is something especially Europeans do not find amusing. This tune is about Safe Harbor rules. Or rather about the fact that these rules are no longer valid when it comes to governing international data transfers (see for more in-depth analysis see these earlier GBN blogs 1 and 2)
Now is discussing a news topic in a column that first publishes in traditional print (in Dutch) and only after that appears here, a bit risky from a news wordiness perspective. By the time the magazine is printed and distributed there might already have been a new set of safe harbor rules agreed with the US, making this essentially a non-topic. In hindsight we can however conclude that even traditional print presses still run significantly faster than the mills of European regulations and that no new rules have been passed yet.
Today the whole European cloud industry is anxiously awaiting new developments, especially as more rules mandating in-country (or even in-county) data residency could be the lifebuoy that the European cloud industry has been hoping for. Such regulation could significantly strengthen European Cloud providers when competing with the increasingly popular hyper scale cloud providers.
First a brief reminder on what is the issue. If a European organization’s is processing privacy-sensitive data in a country that offers less privacy protection than EU countries, then the organization must ensure that the data there is adequately protected. This could be achieved through safe harbor (based on self-certification) but also through the use of standard (approved) contract clauses or by implementing “binding corporate rules”.
The current issue at hand is that the European Court has determined – likely not completely unrelated to the revelations of Edward Snowden – that safe harbor does not offer real protection from foreign government snooping in such data. In theory the court has only declared safe harbor invalid, but it seems highly unlikely that the court would come to another conclusion regarding still valid administrative alternatives such as using standard clauses or corporate binding rules. And it would only take one of the 550 million European citizens to submit a similar complaint in order to get a similar ruling (but safe to assume this won’t happen during the time it takes to publish this column).
At this moment the European commission is doing its utmost to prevent individual member countries (or even worse, provinces / counties / states) to follow in the footsteps of Schleswig-Holstein and issue new individual regulations. Meanwhile many industry players are holding their breath regarding another lawsuit. In this case a dispute between Microsoft and the American justice department regarding the handing over of email data from its European data center in Ireland with regard to a criminal investigation about drug trafficking.
European providers of cloud services are jumping all over this. A German ERP vendor (no, not the one you think, but a local SMB’s focused player) started a mailing campaign in which they acknowledge ithis is a complicated issue, but that customers who want to play it safe are best advised to imply keep their data in Germany under supervision of a German service provider.
By the time you read this there are undoubtedly several other European service providers emitting similar messages while other European providers are leveraging the long term partnerships they developed with US-based SaaS and PaaS providers by taking the role of local data custodian for these global providers.
And what are (potential) European cloud users doing? They are consulting their lawyers and awaiting further guidance before taking action. A prudent approach but also an approach likely to slow down cloud adoption even further in Europe.
The slow starting track Harbor Lights – from the unforgettable album Silk Degrees (1976) – is number 10 on Boz Scaggs’ most-played list on Spotify. The more farmiliar (and more up tempo) Lido Shuffle from the same album is listed as number one. Music travels easily than data, Boz lived several years in Europe before returning to the US (1968) to tour with the Steve Miller Band. More recently Boz toured with “blue-eyed soul performers’ Donald Fagen (Steely Dan, The Night Fly) and Michael McDonnald (Doobie Brothers).
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.