Editor’s Note: He used to be head of Homeland Security from 2005 to 2009, and pioneered the naked body scanner roll-out in US airports and rolling back your liberties and rights with the USA Patriot Acts. Now he runs the Chertoff Group, a global security and risk-management firm that advises clients on cyber security, including cloud computing. So why is Michael Chertoff interested in cloud computing compatibility with EU online data privacy laws? It appears that he sees them as an obstacle to something – capturing your data across borders? Let’s see…
Cloud computing and the looming global privacy battle
By Michael Chertoff
February 10, 2012
… According to Viviane Reding, the European Union’s justice commissioner, cloud-based companies that collect personal data are violating fundamental human rights. “We . . . believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market,” Reding wrote in November. “This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a ‘cloud.’ ”
… A set of global rules will be difficult to achieve. International structures are notoriously cumbersome and slow-moving; this is a particular challenge in the context of quickly developing cloud technology. And international organizations’ governance structures are often universally inclusive, which means that countries with little interest in Internet freedom or accessibility may have a disproportionate influence on the rules adopted.
The alternative, however, is equally problematic. If development of privacy rules and regulations is left to individual countries, one of three scenarios is likely to result: Heralded by E.U. actions, more fragmented regulation may emerge as non-European countries try to impose their own privacy views on an unruly network. As a condition of access to a market, they will hold hostage providers who use cloud services — in effect, trying to balkanize the Internet. Another possibility is a rush to the bottom as countries compete to attract commercial cloud services by minimizing privacy protections.
The most likely result, however, is a privacy clash as the United States and the European Union compete to impose their will. This is the worst possible outcome, pitting natural allies against each other. U.S. diplomacy should urgently focus on dissuading Europe from unilateral action while developing a comprehensive “Western” approach to cloud privacy. That type of agreement on privacy principles would drive favorable policy development and set the stage for safe and effective expansion of cloud services.