9/19/2010 Cloud Computing Hits Snag in Europe - …

Reprints

T his copy is for your personal, noncommercial use only. You can order presentation-ready copies for
distribution to your colleagues, clients or customers here or use the "Reprints" tool that appears next to any
article. Visit www.nytreprints.com for samples and additional information. Order a reprint of this article now.

September 19, 2010

Cloud Computing Hits Snag in Europe

By KEVIN J. O'BRIEN
BERLIN — In the world of ideas, cloud computing has the potential to revolutionize the way
people work.

By bundling the processing power of thousands of computer servers, a company, for example,
could allow two employees from different countries who speak different languages to
communicate directly by phone, using voice recognition software to process what is being said
and translation programs to interpret it into another language.

The result, ideally, would be a seamless conversation, without struggle and without the
limitations of speaking a foreign language.

“We’re not quite there yet, but it’s coming,” Eric E. Schmidt, the chief executive of Google, a
promoter of the technology, said at a gathering of cellphone industry executives after evoking
the image at a convention in Barcelona in February.

Such cloud-based breakthroughs face a formidable obstacle in Europe, however: strict privacy
laws that place rigid limits on the movement of information beyond the borders of the 27-
country European Union.

European governments fear that personal information could fall prey to aggressive marketers
and cybercriminals once it leaves the jurisdictions of individual members, a concern that may
protect consumers but one that hinders the free flow of data essential to cloud computing

“There are restrictions on cloud computing in Europe,” said Bob Lindsay, privacy director in
Europe for Hewlett-Packard, which makes servers and other equipment for cloud data centers.
“This isn’t killing the business, but it is slowing its evolution, compared with what is taking place
in the United States.”

Cloud computing, which allows companies to tap enormous computing power via the Internet
without having to invest in the infrastructure themselves, has grown rapidly in the United
States under a legal system that permits the sale and transfer of many forms of private data.

nytimes.com/2010/09/20/…/20cloud.ht… 1/4
9/19/2010 Cloud Computing Hits Snag in Europe - …
For its clients, the lure of cloud computing is the savings made possible by cutting in-house
corporate information technology departments and hardware and software purchases.

According to the research firm Gartner, global sales of cloud services will rise 17 percent this
year, to $68.3 billion from $58.6 billion in 2009.

About half of what Gartner defines to be cloud services are, in fact, the computing power
involved in the display and tracking of Internet ads. The rest is sales of computing services,
mostly to large businesses.

Global sales of cloud services are poised nearly to double by 2012, to $102.1 billion, Gartner
estimates. But Europe is expected to remain a relatively modest user of cloud services,
accounting for only $18 billion this year, or about 26 percent of the global total. By 2012,
Gartner estimates, Europe’s proportion of global cloud sales will rise to 29 percent, even though
the bloc’s economy is larger than that of the United States.

Facing legal obstacles in Europe, the U.S. businesses with the greatest stake in cloud computing
— primarily Microsoft, Google, H.P. and Oracle — are lobbying lawmakers to loosen restrictions
on cross-border data transfers. Alternatively, some are developing new methods to make cloud
computing work within Europe’s complicated legal landscape.

At the H.P. Labs in Bristol, England, researchers are devising ways to encrypt data before it is
sent into a cloud computing center and then decrypt it after it leaves the cloud, thus addressing
the privacy concerns of many European governments.

Another solution being studied is to give individuals the ability in advance to set the degree of
privacy control on each part of their personal information in the cloud by digitally tagging bits of
the data. Under this model, a person could make an e-mail address available to marketers,
while shielding a phone number and street address from unwanted solicitations.

In that aim, H.P. plans to begin testing new software that complies with European privacy laws
this year. Called H.P. Privacy Advisor, the software will handle the transfer of data between
H.P. offices within Europe as well as to those outside of the Union.

“The benefits and impact of the cloud are so great, and the legislative and technical issues are
what they are at the moment,” said Siani Pearson, one of H.P.’s lead researchers on cloud
computing technologies at its laboratory in Bristol. “But we can make sure that the benefits of
the cloud come even within the existing framework.”

In Europe, the legal definition of what constitutes personal data is much broader than it is in the
United States, extending to information like names, addresses and phone numbers in phone
nytimes.com/2010/09/20/…/20cloud.ht… 2/4
9/19/2010 Cloud Computing Hits Snag in Europe - …
books.

Another obstacle is the European Data Privacy Directive, the main body of European law
governing international data transfers, which generally prohibits the movement of E.U. data
outside the external borders of the European Union.

The European Commission has approved only a handful of other countries to provide cloud
computing services — the United States, Argentina and Canada. Israel and Andorra have
applied for approval to be designated as computing centers.

Companies that want to process E.U. data in countries that have not been approved— India and
Malaysia are growing hubs for cloud computing data centers — must negotiate and enter into
binding legal agreements with data processors called service level agreements, which ensure
that the personal information of E.U. citizens will be handled in accordance with E.U.
regulations.

But such agreements, while increasingly common, are costly, time-consuming to prepare and
difficult to enforce, said Mr. Lindsay, H.P.’s privacy director, who is based in Milton Keynes,
England. Backers of cloud computing technology are hoping the European Commission will
loosen the rules applying to international data transfers during the review of its data protection
directive, which was drafted in 1995, in the early days of the Internet.

During the review, which began last year and is not expected to be completed before mid-2011,
companies like Microsoft have urged the commission to streamline existing laws on
international data transfers.

The laws require companies to get the approval of several national data protection regulators
for a single data transfer flowing through their jurisdictions.

Under this framework, a Microsoft affiliate in Bulgaria, for example, seeking to send Bulgarian
consumer data to a cloud center in the United States, might have to apply for and receive
approval from regulators in a series of countries along the transmission route, which in this case
could include Romania, Hungary, Austria, Germany and the Netherlands.

In a letter sent in December 2009, John Vassallo, Microsoft’s associate general counsel in
Brussels, asked the commission to change the E.U.’s data protection directive to assign varying
levels of privacy restrictions to different kinds of data, which could ease the transfer of some
personal information, like names and addresses, for commercial marketing purposes if
consumers gave their consent.

“As the patchwork of worldwide data protection laws has become increasingly difficult to
nytimes.com/2010/09/20/…/20cloud.ht… 3/4
9/19/2010 Cloud Computing Hits Snag in Europe - …
navigate,” Mr. Vassallo wrote to the commissioners, “Microsoft has repeatedly called for a
comprehensive, workable global privacy framework that is consistent, flexible, transparent and
principles-based.”

Should the commission loosen the bloc’s restrictive privacy controls, which is not guaranteed,
European businesses, with their own multimillion-euro investments in in-house computer
systems, employees and procedures, still might not rush to cloud computing.

That is because European businesses, in general, are more reluctant than their U.S.
counterparts to abandon their own costly investments in computing infrastructure and
experiment with emerging technologies like cloud computing, said Ross Anderson, a professor of
security engineering at the Computer Lab at Cambridge University in England.

“European industry is an awful lot sleepier than industry in the United States,” Mr. Anderson
said. “The tech industry has its center of gravity in the U.S.A. You will tend to find that it is
high-tech firms there that are the keenest adopters of new technology.”

nytimes.com/2010/09/20/…/20cloud.ht… 4/4