Currently the Personal Data Privacy is on everyone’s lips after this summer revelation by Edward Snowden about a US Government data collection program called PRISM, and it becomes even more fashionable right now that the analysis of released top secret documents have shown the extent of spying by the National Security Agency (NSA) on electronic communications has reached some European Prime Ministers, or for mention another example “Le Monde” journal has revealed that the NSA gathered more than 70 million French phone calls in a single month “targeting not only people suspected of being involved in terrorism but also high-profile individuals from the world of business or politics”.
So, I’d like to come back in this blog to the Data Privacy and its relationship with the intrinsically free Cloud data movements, and the possible impact on a (not wished, but perhaps needed) Cloud Regulation: for example, the European Parliament busied itself attaching amendments to its data privacy regulation before Snoweden’s revelations and now is weighing to address cloud computing that will actually signify a Cloud Regulations. In short, it’s basically a dilemma between:
- On one hand, it is about the progress, the technical advances and the global business that Cloud technologies can foster. In a post written about a year ago (“Europe behind the US on Cloud”), analyzing the Gartner’s report about why Cloud penetration is more delayed in Europe than in US and according Gartner, it was stated that a possible cause was these Personal Data Privacy Regulations that were seen as a protectionist barrier that precludes Cloud business growing (basically because of the Europe’s diverse and ever-changing data privacy regulations inhibit the movement of personal data to the cloud, and EU policy-making processes and practices can hinder business). And it’s clear to me that, in exchange, also non EU companies (mainly American ones) are suffering this policy because they become less competitive having to adapt their products and/or services to E.U. privacy laws. Therefore, at the end, business and technical advances are slowing …
- On the other hand, it is about human and civil rights. As an European citizen, I’ve got no doubt about some data privacy protection is needed, without which Aldous Huxley’s “Big Brother” world will happen and police-state mentality will success. Even, someone perhaps could to persuade me that it might be fair for Governments to have access to our private communications via the internet, in some circumstances under the right and well-known conditions and under the control of a trustworthy independent judiciary. It’s difficult to debate about. And, at the end will be driven to the important and even more difficult debate about how democracy can protect itself (from terrorism and other radical ideas) without leaving been “democracy” (in other case, terrorism will have won the war, even it loses the battles). But this a technical post, so let me keep close to technical/economical subjects.
Of course some people (in both sides of Atlantic, but more in the west side) will think that these European laws are less about data security and more about limiting the power of American corporations and making easier the growing of European companies. However many EU officers and Parliament members have states that “it’s not about protectionism but about ensuring customers will receive the proper level of guarantees in terms of data protection and access across Europe”, because as Neelie Kroes (the European Commission vice president in charge of telecommunications and information policy) said, “we need to realize that European citizens will not embrace the cloud if they are worried for their privacy or for the security of their data”. And I share these ideas.
Furthermore, about this economic impact, it also be noted that, in reverse, NSA is accused of conducting industrial espionage in countries all around the world, even allied countries, and the reason to do that is “we collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets” (I’ll come back to this subject in further post).
Besides, another point to be taken into account is that personal data are been monetized in different ways by a lot of companies. Two very different factions of people exist, one who values privacy and one that could care less (and, of course, in the middle a lot of variants): for some people, privacy is not valued (they do no bear that its personal data are monetized and shared across platforms), but for others, privacy is sacred (they will even restrict their online presence and social networking). The problem, shown with clarity by the Snowden’s disclosures, is that neither faction actually knows much about what the US government (and other companies) can access and what it cannot and what is the real and full usage that is going to be made with those data.
In the other side, there’s a risk of going too far and effectively putting a significant barrier to business, and in the current economic situation that could have a broader and negative impact in European and non European companies and businesses. So, finding the balance is key and it’s not easy to solve this dilemma between Personal Data Privacy and Business Regulation, even harder when the business is around a technology like the Cloud where free movements of data is intrinsic a one of its advantages, so they can travel (or be copied for availability reasons) from a country to another changing the jurisdiction over them and the laws to be applied.
And another conclusion is that also data security must be improved (the use of strong encryption that can protect user data from all but the most intense decryption efforts).
Finally, another worrying reflection to made is that NSA has shown that it is also subjected to the same risks of Data Loss (it doesn’t matter the way) as any other business company, and Snowden is certainly not the only one who had access to those private data of other people …
