Microsoft: Cloud services hampered by unclear data rules

A senior Microsoft attorney said a single standard for data transactions is needed across Europe

The patchwork of rules across Europe regarding the handling of data poses a hurdle for Microsoft's efforts to provide cloud-based services, a senior Microsoft attorney said on Thursday.

Countries throughout the Europe Union have differing rules regarding data retention, privacy, consumer rights, cross-border data transactions and data ownership. This means that companies such as Microsoft may not be able to offer certain types of services due to restrictions on how data is moved or questions of law.

"What needs to be done is to bring a common set of rules and in a few cases maybe a revision or a new set of rules," said John Vassallo, vice president for E.U. affairs for Microsoft, speaking on the sidelines of Microsoft's Government Leaders Forum in London.

Countries that are part of the E.U. are bound by the European Commission's directives, but their interpretation of those rules is often divergent.

For example, under the Data Retention Directive, providers of electronic communications services (ECSes) are required to maintain data such as records of e-mail recipients, for a minimum of six months up to two years, for law enforcement purposes. But when it comes to other data, E.U. countries differ on what constitutes an ECS. Even if two countries agree on what an ECS is, they may differ on how long the provider needs to retain that data, posing more difficulties for companies.

Data sovereignty is also a concern. For example, multiple states may have an interest in particular data, but could run into conflicting laws and regulations over which entity would have jurisdiction in case of a problem.

If a cloud service provider complies with a demand from law enforcement in one country, that might violate privacy regulations of a user in another jurisdiction. That makes it also harder for cloud services companies to communicate to their customers under what conditions their data may be exposed.

"You must find a system that all countries at least within the E.U. at first and maybe beyond will agree to," Vassallo said. "These things don't exist today."

Vassallo said concepts that are being discussed include a "diplomatic immunity" for data, where communications would be treated with the same privilege as diplomats who carry paperwork in briefcases. Another idea is a "data free zone," or areas where there are harmonized rules for data transactions, similar to free trade zones.

A universal agreement for data would mean more transparency for consumers while also allowing for the growth of cloud services, which hold the promise of enabling businesses to in turn offer new services.

"The end result is it would be increasing the certainty to 500 million [ E.U.] citizens that their rights are going to be treated equally," Vassallo said.

But "the legislative system is slower than the technology development, and that is always the case," he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationsecurityMicrosoftencryptionlegislationgovernmentdata protectionprivacy

More about European CommissionMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts