Portability of data is a primary advantage of cloud computing. It allows providers to store and distribute information generated from almost any location. However, this advantage has also proven itself as an Achilles heel to the industry. Conflicting domestic and international data privacy laws have created a challenging climate for US providers.
A primary cause for concern is a provision in the Patriot Act. The post 9/11 legislation makes any data held by a US company susceptible to unwarranted search and seizure. This provision also applies to data held outside US borders and supersedes existing US/EU safe harbor laws.
The situation has become difficult for US-based cloud providers as the law has prospective clients concerned about the privacy of their data. An article in ReadWrite Cloud points to sections of the 2012 National Trade Estimate Report on Foreign Trade Barriers, which describe international governments skittish of US cloud services. Australia’s government has gone so far as to openly dissuade public and private entities from choosing US providers.
Closer to home, the Canadian provinces of British Columbia and Nova Scotia have mandated that personal information held in custody of the public body may only be stored and accessed in Canada. This includes schools, universities, hospitals, government utilities and public agencies.
In an attempt to allay fears driven by US legislation, Colorado-based Standing Cloud announced that it had become compliant with EU data privacy law. The company noted that all information and applications in their EU datacenters would be backed up and restored locally.
Although Standing Cloud’s efforts are notable, Microsoft believes all data held by a US company is susceptible to warrantless search and seizure. The company has felt the effects of the Patriot Act, as a UK defense company dropped their plans of migrating to Office 365 over concerns from their legal department.
The deal fell apart when Microsoft was unable to adhere to data protection guidelines. Gordon Frazer, Microsoft UK Managing Director, was asked if the company could guarantee that data stored in Europe would not leave the continent. He responded, “Microsoft cannot provide those guarantees. Neither can any other company.”
US cloud providers are feeling the effects of a legislative priority conflict. Although spurring domestic business is important, lawmakers will more than likely give national security more precedence. In the short term, the conflict may result in loss of market share to international cloud providers. Over time, though, members of congress could look to wind down some of the Patriot Act’s more drastic provisions.