European Commission: Data location should not matter in the cloud

The cloud does not stop at national boundaries, and that's fine, as long as data is secure

The physical location of sensitive and personal data should not matter, as long as that data is secure, according to the acting Deputy Director General of Information Society and Media for the European Commission.

"The cloud does not stop at national boundaries" said Megan Richards, speaking at the Cloud Computing World Forum conference in London today. By its nature, cloud computing requires data to be portable, which in itself requires a flexible regulatory framework.

Richards said that, while the European Commission is working towards this target, there are many international issues at stake, including jurisdiction, liability and data portability. However, she said that it was essential to ensure that the market in Europe is open.

"You shouldn't care where data the is as long as it is secure and meets regulatory requirements, so now the question is how to ensure that - how to make sure that when we use cloud resources, personal data does meet those requirements," Richards told Techworld.

She added that new data protection legislation is currently passing through the European Parliament, as part of its European Cloud Computing Strategy, which will aim to address these issues. The proposals will be finalised within the next year come into effect within the next two and a half years.

Speaking to Techworld earlier this year,'s VP and Head of Platform Research Peter Coffee asserted that the requirement for certain data to remain in certain countries is an artefact of outdated regulation.

"Data protection regulations based on physical location don't make any sense. Clearly encrypted data with badly managed access privileges is dangerous no matter where it is, and well encrypted data with rigorous privilege management and strong mechanisms for auditing how privileges are used is safe," said Coffee.

"I could put an unencrypted hard drive mid-field in Wembley Stadium and be compliant, while the same data rigorously encrypted, but in Palo Alto, California, would be considered a grave threat."

Richards added that the cloud computing has great potential for driving growth and creating jobs in Europe, with the five largest EU economies alone having the potential to generate over 700 billion of economic benefit over the next five years - representing 1.5% of the total cumulative GDP of those countries.

Despite this, spending on cloud is still limited to about 1.6% of EU enterprises' total IT budgets, with about 3.5 billion spent on cloud-specific software and 1.1 billion on hardware. However, Richards said that this is changing fast, with cloud services market expected to reach 11 billion in revenue by 2014, representing 3.6% of the total IT market.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sophie Curtis

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts