If you didn’t know by now that companies like Facebook and Google were keeping tabs on you and your company you’re probably naive, or you failed to notice the ads that appear next to your content, which somehow relate to what you’ve been doing.
For Google users, that’s about to get a tad more creepy. Let’s say you searched for Sting’s concert schedule on Google. You might find that you get a suggestion for a Sting video on YouTube, and as Gizmodo pointed out that kind of cross-service pollination has never happened before.
It’s disconcerting, but get ready for it because from a business perspective, it’s a double-edged sword. On one hand, you too can take advantage of the growing ability to analyze data and serve increasingly customized content on your company’s web site, but as cloud service users, it could raise the paranoia level a few notches when it comes to protecting your company’s private data while using cloud service.
And if you are collecting data, the EU might have just thrown a wrench in your data collection because under proposed new rules, if you have a breach, you would have to notify the appropriate government officials and every individual affected (think of the 24 million that were affected by the recent Zappos breach if you want to see how daunting this could be). Businesses are already complaining about the pressure this would put on them while trying to deal with a breach.
And Businessweek reports, the consequences for failing to comply could be quite costly involving a fine as large as 2 percent of sales, a number that’s sure to get anyone’s attention.
Meanwhile, the right to be forgotten component could pose the biggest challenge of all as individuals could request to be removed completely from your database, or that you fix what the individual considers to be wrong information. The implications for a business to keep up with these requests could be overwhelming and could prove difficult if not impossible to do. Can you guarantee that every mention of this individual is gone across your entire system?
On one hand it puts the whole idea of data gathering into question, something that many cloud services do. On the other hand, it might make you want to think about which cloud services you’re using. Google is clearly rewriting the rules here and it could have some impact on individuals and businesses and how they use Google’s services.
Whatever you think of Google’s new policy or the EU’s proposed rules, we clearly have a monumental clash between data gathering capability, and what services can do with that data, and the desire for privacy. And this is all against the backdrop of a growing cloud business model.
Like I said, we certainly live in interesting times, don’t we? The problem is that we have to sort all of this out and it’s not going to be simple to reconcile.
The Patriot Act was intended to give US government and law enforcement authorities broad investigative powers under the guise of preventing such an attack from recurring. Whatever you think of this law, the law of unintended consequences certainly applies here because as a result of these broad enforcement powers, many individuals and companies outside the US no longer want to store their data on US soil.
And this has cast a pall on certain types of commerce, especially cloud computing — a concept to be fair, that wasn’t even really thought about back in 2001 when the legislation was drafted.
Of course, to the extent the US Congress understands any technology, cloud computing certainly was more mature when the 4-year reauthorization was passed earlier this year.
Regardless, companies and individuals outside the US remain distrustful of storing any data inside the US where it is subject to US laws.
And Europe, which has strict privacy and data protection laws, has not taken kindly to this law. John Newton, who is chief technology officer at Alfresco and an American expatriate living in England says Europeans tend to distrust US law enforcement under the best of circumstances and the Patriot Act didn’t help matters.
“Europeans tend to be suspicious of US regulatory and law enforcement since many aspects of American and European legal and law enforcement practices are incompatible and inconsistent in more areas than just Cloud Computing,” he said. “The Patriot Act just exacerbates this problem,” he added.
And in my experience hearing from Europeans about cloud computing, this has held true. In fact, as far back as 2008, I remember attending the Evening in the Cloud at the Enterprise 2.0 Conference in Boston. The event included representatives from Google, Amazon.com and Salesforce.com explaining the advantages of the cloud at a time when it was a new concept to many. At the open microphone part of the night I recall at least one person from Europe stating that as long as data was stored on servers inside the US, there was no way he was considering using these services — because of fear of the broad power given US authorities by the Patriot Act.
Last year at CeBIT in Hannover, Germany, I heard a similar story at events throughout the conference, and in spite of my annoyance at still hearing questions about security and adhering to EU privacy laws holding back cloud computing, people and companies in Europe are put off from doing business with US cloud companies because of the privacy implications inherent in the USA Patriot Act.
And it’s not just Europeans, Canadians aren’t too fond of the law either. Cheryl McKinnon, a Canadian citizen and a consultant who works with the Canadian government around content and document issues, says with so much shared business and cultural tradition between the US and Canada, it’s easy to forget there are major differences around privacy and data protection between the two countries.
In fact, Canada has its own sweeping privacy law that according to McKinnon “requires that all businesses (and government agencies) must ensure that the personal information gathered from customers, citizens or employees are handled in a way that protects privacy” — and that means they can’t do business with any business with US-based servers due in large part to the Patriot Act.
Lubor Ptacek, who is VP of strategic marketing at Canadian company Open Text says the Patriot Act has prevented many people outside the US from using cloud services. “The [Patriot Act] grants the US government sweeping search authority that is scaring away many well-intended users and businesses.” He adds, “While the ‘safety over privacy’ principle may be acceptable in the United States, most Canadian businesses have a much lower level of tolerance for government intervention in private enterprise and we get the same sentiment from our customers in Europe.”
So 10 years after it was passed, this law designed to protect the public from an external terrorist attack, has also cast a long shadow on cloud computing commerce that continues to this day.
Although cloud computing services are clearly thriving, to make them truly useful in today’s connected world information needs to be able flow freely across borders, and this law remains a huge obstacle to such a vision. ]]>