Consumer Electronics Daily was a Warren News publication.
Must ‘Harmonize’

EU Privacy Rules Threaten Global Cloud Industry, U.S.-Japan Business Report Says

October 23, 2012 by Greg Piper|Top News

Europe’s privacy framework could harm the development of a global cloud-computing industry, said U.S. and Japanese business interests in a report last week. It was prepared for a “Director General-level meeting” of the U.S.-Japan Policy Cooperation Dialogue on the Internet Economy in Washington, the State Department said Friday (http://xrl.us/bnvifp). State said “participants concurred” at the meeting last week that the U.S.-Japan Cloud Computing Working Group, set up earlier this year, should “continue its discussions while giving consideration to the balance between free flows of information and personal data protection."

The U.S. and Japan should work together to create an “international framework” for cloud computing that relies on a “harmonized system” and “maintains the openness and transparency of the Internet centered on a multi-stakeholder process,” said the report by the American Chamber of Commerce in Japan and Japan Business Federation (http://xrl.us/bnvigq). The two countries should share best practices to further development of cloud computing in the developing world and reduce the digital divide, the report said.

Asia-Pacific Economic Cooperation efforts to develop cross-border transactions and EU efforts on new privacy regulations should be closely followed by government and industry in the U.S. and Japan, the report said. “While respecting the overall direction of EU policy on strengthening privacy, we urge that EU reforms be harmonized internationally,” it said. EU efforts are aimed at applying strengthened personal data protection rules to “businesses outside of the EU. ... [T]here is the risk that excessive protection could stifle businesses, slow the deployment of new business solutions and create a large compliance burden."

The report in particular warns that European Commission reform of the 1995 data protection directives has not yet addressed the definition of “such fundamental terms as ‘private data’ and ‘data leakage’ ... making corporate engagement on the draft difficult.” The “blurring” of the roles of “data controllers and data processors” creates uncertainty and “does not support the harmonization goals of the reform or deal adequately with the complexities of cloud computing,” the report said.

Though the U.S. has a safe-harbor agreement with the EU, “many Asian countries including Japan” are seen as “not adequately” protecting personal data, the report said: Asian businesses “fear the imposition of stringent data protection requirements on data services that are offered in Europe -- a development that would dramatically raise the cost of doing business there for them.” U.S. and Japanese governments should “take the lead” in creating rules to allow the “free flow” of cloud services “in and out of” the Asia-Pacific region, including to Europe, “at minimal cost to business,” it said.

The report discusses --without passing judgment on -- U.S. activities such as the Obama administration’s proposal to strengthen the legal privacy framework through transparency, more individual control over personal data and limits on data use. It lauded the “general recognition” in the U.S. of government policies that foster cloud technologies, including the reported 500,000 jobs created by the “app economy” since 2009. The report notes that governments generally are wary of storing sensitive national security and other data on remote servers, but “for the vast majority of data, the location of the data is not an issue as long as appropriate security measures are in place.” Governments currently tend to develop information and communication technology systems that operate “independently” across agencies, “resulting in a great deal of functional duplication and unnecessary cost.” Government use of the cloud, domestically and overseas, “can help mitigate private user concerns” with the cloud as well, it said.