The EU is continuing to push its digital agenda for Europe and, to further progress ‘unleashing the potential of cloud computing’, on 10 December 2013 the European Parliament (“Parliament”) adopted a resolution 2013/2063(INI)) (the “Resolution”) on the issue of cloud services.

The Resolution  is set against the background of the EU’s digital agenda and the many pre-existing directives, rules, resolutions and reports on information technology and digital connectivity. However, it also acknowledges some of the many obstacles which the EU’s model cloud service market may encounter (for example, there are issues of security, privacy, access, cost, server capacity etc).  Against this background, the Resolution examines how the cloud can be ‘an instrument for growth’ and addresses various issues including the EU market, consumers, public procurement, intellectual property, data protection and fundamental rights.

Economic potential

In relation to the economic potential of cloud computing, the Resolution highlights that the cloud:

  • can be a “powerful instrument for growth and employment”;
  • may be particularly effective in transforming public services and utilities; and
  • can be a medium to provide educational services to youth and long-term unemployed.

However, the Resolution also points out that greater IT skills and training are needed to fully realise the cloud’s potential, and that unequal broadband access outside of cities risks widening the urban-rural economic divide. Further, a better framework is required to allow SMEs cheaper and easier cloud access and greater use of analytics.

Privacy

Concern is expressed about the privacy of cloud users and, in light of recent revelations about the practices of various national security agencies, the “massive, pervasive and indiscriminate governmental access to information related to Union users stored in third-country clouds”.

In response to this, the Resolution proposes measures to raise user awareness of risks to their privacy, and the sponsoring and improvement of encryption and security technologies. It also suggests that the European Network and Information Security Agency should provide minimum standards for cloud services.

Public procurement

Cloud services could reduce the cost of public services, and be used by the private sector for procurement purposes. Because of this, the Parliament calls on the European Commission (the “Commission”) and the Member States to utilise cloud services, and progress the European Cloud Partnership (an initiative to bring together industry expertise and public sector users to work on common procurement requirements for cloud computing in an open and fully transparent way). At the same time, it stresses the need for security and data integrity, particularly in relation to sensitive personal data.

Consumers and the cloud

The Resolution places a high degree of emphasis on the protection of consumers. Particular responsibility is given to the Commission, which is called to explore consumer rights protection, raise consumer awareness of the risks of cloud services, and ensure that consumers are provided with the information necessary to make an educated decision. The Resolution also reminds the Commission that it has the prerogative to require certain safeguards be included in equipment, and the Parliament requests that cloud service contracts with communications operators be monitored for competition law compliance.

In addition, the Resolution calls on the Commission to promote best practice standards and, in particular, models which facilitate data portability and interoperability.

Intellectual property and rights in cloud material

The Parliament acknowledges the ‘confusion and fragmentation’ within EU intellectual property law, and asks the Commission to address those gaps regarding cloud computing. At the same time, the Commission is asked to establish a legal framework for the application of copyright law to the cloud and provide model contracts that are sufficiently clear and transparent to users, promote the provision of information on how data will be processed and the presence of key clauses guaranteeing the quality of cloud services.

Data protection, rights and law enforcement

Data protection is touched upon by many of the Resolution’s other suggestions; however, it is emphasised that the protection afforded to data in the cloud must be equal to that elsewhere and that data protection law applies to all cloud services operating in the EU.

The EU’s concerns about governmental surveillance are re-iterated, particularly where data has been transferred to so-called ‘third countries’ outside the EU. The Resolution states that on this issue it ‘expects the Commission and the Council to take such measures as are necessary to solve this situation and to ensure the respect of the fundamental rights of EU citizens”.

WAB comment

In issuing what is a wide-ranging Resolution the Parliament has sought to set out a comprehensive blueprint for further developing the EU market for cloud services, the salient points from which can be summarised as follows:

  • cloud computing has tremendous economic potential, particular for SMEs and public services/utilities;
  • service contracts are often inadequate, and model contracts which protect rights are needed;
  • intellectual property rights protection is fragmented and may be inadequate;
  • user consent and information, particular in relation to the nature, purpose and extent of processing is often inadequate and greater transparency is needed in consumer contracts;
  • there are major data protection and security concerns about data in the cloud, particularly where the cloud storage is located outside the EU. and
  • governmental surveillance is a point of particular concern, following the revelation of the extent to which intelligence services (including those of non-EU countries such as the US) access, mine and monitor personal data.

In addition to identifying issues, the Resolution tasks various EU institutions (the Commission in particular) and, in some cases, the Member States themselves with remedying the mischief that has been identified. Although not exhaustive and despite some overlap, the Resolution identifies a formidable range of obstacles that need to be overcome before the EU will, in the Parliament’s  view, realise the full potential of cloud computing.