Can the Cloud Catalyze Change in International Data Laws?

Despite imagery of the cloud as global collection of servers in the sky, among which data and applications move freely, the truth is that cloud computing is far more down to earth and far more localized. As a new GigaOM Pro report explains (sub. req’d), most cloud providers house services in only a few geographically distributed data centers, and national or continental data storage regulations can limit how -– and if -– organizations move their operations to the cloud. A question that could affect the ultimate scope of cloud adoption is whether legislation can be passed that takes into account the economic and technological realities of a cloud-based world.

As the report makes clear, European data protection laws are particularly tough, making it difficult for Europeans to use cloud services, which are largely U.S.-based. In the meantime, different data retention times in different EU countries make intra-continental cloud use a challenge (presently, for example, Amazon Web Service has an Availability Zone in Ireland, only, and Microsoft will offer Azure zones in Ireland and the Netherlands). European organizations considering cloud computing need to figure out whether the data involved limits their choice in cloud providers or precludes the move entirely.

The good news for supporters of a truly global cloud is that efforts are underway that could change the way governments view cloud data. Microsoft, for example, has been actively lobbying the United States to pass laws protecting sensitive data in the cloud, and lobbying the EU to relax its data transportation laws. Certainly, strict laws in the U.S. would make it much easier to convince Europe to loosen up. On the compliance front, security guru Christopher Hoff is pushing the A6 audit, which is designed specifically for cloud environments and could assuage governments concerned about differing security protocols among different providers. And as the report notes, there are technological advances that could enable the application of different security policies depending on geographical location.

It’s possible, of course, that no new laws ever get passed, rendering certain applications and data unfit for the cloud. But in light of the love shown for cloud computing by governments on both sides of the pond, I’m betting on progress sooner rather than later.

Image courtesy of Flickr user jivedanson.