U.S. cloud vendors risk losing European market due to data privacy disconnect

Samantha Bookman, FierceTelecomFor the past year and beyond, a rising tide of concern within the European Parliament regarding its citizens' data privacy has put the U.S. on the defensive and American companies, particularly those selling cloud services, in a tight spot. EU companies and governments guard their customers' private data fiercely, but Patriot Act provisions make it possible for that data to be released to U.S. law enforcement despite EU regulations. And what the disconnect means is that U.S. cloud vendors are losing contracts, losing business, and losing traction in one of the most connected regions in the world.

From this framework, a conference call yesterday hosted by the U.S. Dept. of State seemed curious. Deputy Assistant Attorney General Bruce Swartz' focus on "myths" about how U.S. law enforcement accesses private data versus reality and his insistence that the Patriot Act is a "red herring" in the data privacy fight going on with the EU seemed akin to the scene in The Naked Gun in which detective Frank Drebin stands in front of an exploding fireworks factory saying "nothing to see here, move along."

Swartz stated on the call that established law enforcement treaties with EU members are adequate and that the Patriot Act's policies on cross-border information collection are not the real problem. But that didn't really address the grave concerns that businesses and government organizations within the EU have with the U.S. government's ability to compel American companies to release private data to them without the EU's consent.

It's a concern that will be costly to cloud providers. Gartner Research estimates that the cloud services market in western Europe will total $47 billion by 2015, making it a tempting landscape for cloud services vendors. But U.S. companies, which currently control more than 90 percent of the European market through subsidiaries according to Forbes, may find themselves gradually shut out. Already, arstechnica reported, Microsoft's (Nasdaq: MSFT)  contract with the UK's BAE Systems to run Microsoft 365, its cloud services offering, was dropped specifically due to the possibility that Microsoft might at some point have to turn over records of BAE's users stored on that cloud, without BAE's consent. Amazon Web Services (Nasdaq: AMZN) told Forbes that it would also comply with such requests from the U.S. goverment. And U.S. companies may not even get the chance to bid on Dutch government contracts due to the privacy disconnect.

Companies like Equinix (Nasdaq: EQIX), a neutral data center provider on which many cloud providers host their services, SAP (UK), and Navisite Europe--recently purchased by Time Warner Cable (NYSE: TWC)--are among companies that could struggle to comply with both U.S. and European privacy regulations.

It's not just the Patriot Act that's under fire from EU policymakers. In December, European Commission vice president Viviane Reding said that U.S. legislation advocating "self-regulation" would "not be sufficient to achieve full interoperability between the EU and the U.S," according to a FierceGovernment report.

Phil Wainewright, a vice president of EuroCloud, which boosts cloud vendor interest in the EU, wrote in a recent blog post that "While the economic advantages of pooling resources or sovereignty may seem self-evident, it's important to fully understand and safeguard against the risks of multiple interdependencies." He added, "Success in the cloud, just as much as among the countries of the European Union, depends on fully acknowledging the concerns and risk exposures of all participants."

In the midst of such business-related concerns, European citizens are preparing to sound off about a number of data privacy concerns next week, when European Privacy Day 2012 focuses attention on various privacy issues, both on and off the Internet, on Jan. 28.

Negotiations for a data protection agreement in regard to law enforcement and security purposes have been ongoing since March 2011. Hopefully U.S. decision makers will take the risks to American companies into account and work out an agreement that allays European fears about Patriot Act intrusion.--Sam