Rules haven't been decided yet but others are already kicking up a stink:
More than a dozen industry associations including the US Chamber of Commerce this week issued a joint statement warning the EU against adopting rules that would effectively exclude US cloud providers like Amazon, Google, and Microsoft from doing business in much of Europe.
The statement filed by 13 industry associations, including the US Chamber of Commerce, Japan's Association of New Economy, and the Latin American Internet Association, addresses proposed changes by the EU cybersecurity agency ENISA. The expected tweaks would change how governments and companies use cloud providers, and potentially which operators they could pick, according to documents passed to Reuters.
The issue at hand are changes to the European Cybersecurity Certification Scheme for Cloud Services (EUCS) proposed in May that Reuters reports would require cloud services to be operated and maintained from the EU and require that customer data be stored and processed in the continent according to its rules.
"These EUCS requirements are seemingly designed to ensure that non-EU suppliers cannot access the EU market on an equal footing, thereby preventing European industries and governments from fully benefiting from the offerings of these global suppliers," the joint statement reads.
The letter also made the case that the provisions as drafted would not level the playing field and would instead considerably reduce the number of cloud offerings available in Europe, potentially resulting in higher costs for customers.
And there may be some truth to that according to John Dinsdale, chief analyst at Synergy Research Group, who previously told The Register that most European cloud providers instead target niche markets, and don't come anywhere close to meeting the criteria require to complete with US cloud providers.
(Score: 5, Insightful) by pTamok on Thursday December 08, @05:11PM (1 child)
On the contrary, it allows all suppliers, whether based within the EU or not, to compete on level terms - all they have to do is comply with local rules, which suppliers in the EU are already doing.
What the suppliers based outside the EU want to do is continue to compete on non-equal terms, where they don't comply with local data protection rules. That is unfair competition.
Exactly the same rules apply to physical goods. If you want to sell items into the EU single market, you have to comply with EU regulations. The same is true if you wish to sell into the USA - placing things on the market in the USA means you have to comply with USA regulations. If you don't comply with regulations, of course your costs are lower, which can affect the price, and therefore competitiveness.
(Score: 4, Insightful) by Mykl on Thursday December 08, @09:23PM
But it would be hard to respect the privacy of EU citizens on our platform while simultaneously sucking up and selling every last bit of private information about our
productcustomers elsewhere in the world!What's that? Treat everyone on the platform with the same rules as the EU? Don't be ridiculous.
(Score: 0) by Anonymous Coward on Thursday December 08, @05:48PM
It sure would suck if US service providers were forced to provide the data protection
security that the EU has but doesn't happen there because their Washington lobbyists
are very good at making sure it doesn't happen.
(Score: 5, Insightful) by bradley13 on Thursday December 08, @07:55PM (1 child)
One motivation is, of course, trying to help European companies compete against the established giants. That may be good, or bad, depending on your perspective. However:
This is key. US companies cannot be trusted to respect EU privacy legislation. The US government cannot be trusted to respect EU privacy legislation either - they will issue overly broad subpoenas, or three-letter agencies won't even bother with legal hurdles. They just raid whatever data they can get their hands on.
No European company, and certainly no government agency, should use any US cloud service that does not absolutely guarantee the data is kept in the EU, subject solely to European regulations.
Everyone is somebody else's weirdo.
(Score: 3, Informative) by pTamok on Thursday December 08, @09:51PM
It's not quite as simple as that. Microsoft Ireland have come under pressure from the US authorities to provide access to data held within the EU. Unfortunately, as Microsoft is based in the USA, with lots of US citizens as staff, a great deal of pressure can be applied.
2014-07-30: https://cdt.org/insights/microsoft-ireland-case-can-a-us-warrant-compel-a-us-provider-to-disclose-data-stored-abroad/ [cdt.org]
2017-01-25: https://www.siliconrepublic.com/enterprise/microsoft-us-government-data-ireland [siliconrepublic.com]
2017-11-02: https://www.irishtimes.com/business/technology/microsoft-ireland-faces-a-data-privacy-battle-in-us-supreme-court-1.3275201 [irishtimes.com]
2018-02-22: https://www.lawfareblog.com/microsoft-ireland-case-supreme-court-preface-congressional-debate [lawfareblog.com]
2018-02-27: https://www.accessnow.org/u-s-microsoft-ireland-ruling-shows-need-privacy-safeguards-cross-border-access-data/ [accessnow.org]
https://en.wikipedia.org/wiki/Microsoft_Corp._v._United_States#Supreme_Court [wikipedia.org]
The end result is the Cloud Act: https://en.wikipedia.org/wiki/CLOUD_Act [wikipedia.org]
If you want privacy/security you can't let foreigners run cloud services.
(Score: 2, Insightful) by zzarko on Thursday December 08, @10:36PM
marketcustomer data on an equal footing, thereby preventing European industries and governments from fullybenefitingbeing screwed from theofferingssurveillance of these globalsuppliersscumbags," the joint statement reads.C64 BASIC: 1 a=rnd(-52028):fori=1to8:a=rnd(1):next:fori=1to5:?chr$(rnd(1)*26+65);:next