Concern over the laxity of United States data protection laws has created a new market for Europe-based cloud computing services.
Concern in the European Union that US data protection laws are too lax may have created a new market for European cloud computing services.
A recent survey indicated that 70 percent of Europeans have concerns about their online data and how well companies secure it and now two Swedish companies, Severalnines and City Network, have begun promoting their newly merged service as "a safe haven from the reaches of the US Patriot Act". Under the controversal act, data from European users of US-based cloud services can secretly be seized by US law enforcement agencies.
"We believe that a service owned and operated locally in the EU, and fully compliant with EU data protection laws, will be very attractive for European companies. US companies with European operations will also benefit from the lower latency of a locally hosted solution," said City Network chairman Johan Christenson.
This gap in the market is also being exploited by other firms such as DNS Europe, Colt and MESH. The latter strongly promotes its location in Germany and "data separation in strict compliance with German data protection laws".
European legislators are also worried about the protection accorded to personal data held in the cloud.
"It is crucial, for European businesses and users, that the data on the cloud is stored in a safe country," said Philippe Juvin, a Member of the European Parliament.
European and US politicians have attempted to overcome user mistrust with the Safe Harbor Agreement, but is widely seen to have failed. Under the agreement, organisations self-certify their adherence to principles of data security, but there is very little enforcement and some legislation, in particular the Patriot Act, can override these principles.
Lawyers such as Theo Bosboom of Dirkzager Lawyers see the Safe Harbor Agreement as outdated.
"I'm afraid that safe harbor has very little value anymore, since it came out that it might be possible that US companies that offer to keep data in a European cloud are still obliged to allow the US government access to these data on the basis of the Patriot Act," he said. "Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."
MEP Sophie In't Veld, too, is no fan of the agreement.
"Safe harbor is a nice idea, but it didn't work. When it was set up, times were different and it has almost become redundant by technological progress. We are increasingly aware of problem areas of jurisdiction between the EU and US and a voluntary scheme like safe harbor is not a strong concept and will not solve these problems," she said.
The EU is currently in talks with the US over sensitive data transfers across the Atlantic and a new European Data Protection Directive will be published in early 2012, which Justice Commissioner Viviane Reding promises will include measures to cover data in the cloud, but it appears that European could services still have a unique marketing opportunity.