3 Countries with 3 Different Legal Approaches to the Cloud

One of the most fascinating things to watch is how different governments and organizations deal with the advent of cutting-edge tech. It’s particularly interesting to watch the legislative process to see how each individual country decides to regulate these new platforms, gadgets and tools.

Considering our world is so interconnected these days, how these laws line up with each other – or conflict with one another – is of critical importance to any tech-focused individual. When it comes to development in cloud, few technologies have spanned the globe so quickly and affected so many different industries, but due to its prominence, the cloud has also elicited many different responses from governments as they figure out just how to handle the platform.

Laws governing cloud computing and data can be tricky, with arguments constantly flaring up concerning jurisdiction and where exactly one country’s laws end and another’s begin.

In this piece, we’re going to be looking at three different countries and how their individual cloud laws and philosophies affect those looking to utilize the platform.

U.S. Cloud Law

The U.S. is of course one of the most important leaders not only in tech development, but in tech law. After all, due to the importance of the U.S. on the world stage and considering how cloud data storage relies primarily on U.S. based companies, it makes sense that America would feature prominently in terms of legislating the cloud.

Arguably the biggest legal impact that the U.S. has on the cloud has to do with national security.

When information was leaked concerning the National Security Agency’s Prism program back in 2013, many questioned just how much information the U.S. intelligence agencies could gather on people whose data passed through the country.

On top of Prism, the Patriot Act also allows the U.S. government to seize information if it is in the interest of its national security.

While the Patriot Act is not a law dealing directly with the cloud, both it and Prism play a large role in U.S. cloud legislation and how people within and outside the country use the platform.

For instance, the U.S. was engaged in a disagreement of sorts concerning Canadian data and privacy. The issue being that the Canadian government wanted to centralize and unify its email data and therefore wanted its information stored on Canadian servers, eliminating the opportunity for American companies to bid on the contract. The reasoning behind the exclusion of U.S. companies was in part due to concerns the Canadian government had surrounding the purview of the Patriot Act.

Some even advocated for Canada to have its own workaround internet exchange points so it could avoid having its data pass through the U.S. entirely.

But while that’s all well and good for the government, that doesn’t account for the fact that 90% of Canadian internet traffic is routed through the U.S.

Which goes to show two things when looking at cloud legislation in the U.S.: America is ubiquitous when it comes to data traffic on the cloud, and that its national security apparatus can often have an impact on how business is conducted – especially within the cloud where data is circulating across the globe.

The U.S. also often pushes other countries to open-up on their privacy laws, while the country itself has relatively lax policies concerning how companies like Google and Facebook can use the data they gather online.

China Cloud Law

In what should be surprising to absolutely no one, China has fairly strict laws when it comes to the cloud and data management in general. Remember that China has its own insulated internet and laws governing emerging tech, so its position on the cloud is nothing new.

But despite the wide umbrella of the Chinese government looming, the cloud is still growing at a rapid pace in the country. Forrester Research projects that the public cloud market will grow from $2.2 billion in revenue in 2016 to $3.8 billion in 2020.

One Chinese cloud law of particular importance is that every company wanting to operate the cloud platform or host cloud servers in the country has to do so in partnership with a local company. This mandated partnership is on top of the already extensive reach of the Chinese government when it comes to personal data.

As recent as May of this year, the U.S. and China were bickering over new draft rules that would force companies to transfer ownership and operations of their cloud systems to their Chinese partners.

And then you have companies like Microsoft and Amazon disagreeing on the definition of ‘legally’, as Microsoft claims to be the only public cloud that operates legally in the country, despite Amazon and IBM both maintaining operations in China.

When it comes to Chinese cloud law, you have restrictive measures which often favor or at least require close cooperation with Chinese partners, while the government is never afraid to swing its weight around.

EU Cloud Law

While technically not a country, the EU is worth examining in that it represents dozens of countries and has some of the most unique cloud and data laws in the world. This is primarily due to the EU’s focus on consumer rights.

The intergovernmental organization is in the process of enacting the European General Data Protection Regulation, a series of provisions that govern how data will be handled within the member states.

Three of the most important regulations involve the right to be forgotten (as it is commonly known), consumers needing to opt-in in order for their data to be used, and heavy penalties should any of the regulations be breached.

The right to be forgotten has to do with the permanence of the internet and how data never dies, meaning everything online usually remains online. The right to be forgotten allows people to demand that personal data be removed.

Opting-in concerns the ability of companies like Facebook and Google to share your data with marketers. From 2018 on, users will have to consent to the usage of their data before the companies can begin selling their information.

And the fines for misbehaving are heavy: Either 4% of global turnover or €20 million, whichever is higher. The EU is famous for its willingness to fine large companies when said companies find themselves in violation of EU law.

Overall, the EU is taking a far different approach compared to the U.S. and China. Whereas the latter’s laws have many provisions that favor the state, the EU has instead opted to have a more consumer-focused legislative philosophy.

About the Author:

Sean is a content specialist for an It Disaster Recovery FirmSean is a dreamer, idea generator and teller of stories. Sean is also a Basketball fan, traveler, and vintage furniture lover.

Disclosure: This is a guest post