Concern in the European Union that U.S. data protection laws are too lax has created a new market for European cloud computing services.
A recent survey indicated that 70 percent of Europeans have concerns about their online data and how well companies secure it and now two Swedish companies, Severalnines and City Network, have begun promoting their newly merged service as "a safe haven from the reaches of the U.S. Patriot Act." Under the U.S. Patriot Act, data from European users of U.S.-based cloud services can secretly be seized by U.S. law enforcement agencies.
"We believe that a service owned and operated locally in the E.U., and fully compliant with E.U. data protection laws, will be very attractive for European companies. U.S. companies with European operations will also benefit from the lower latency of a locally hosted solution," said City Network chairman Johan Christenson.
This gap in the market is also being exploited by other firms such as DNS Europe, Colt and MESH. The latter strongly promotes its location in Germany and "data separation in strict compliance with German data protection laws."
European legislators are also worried about the protection accorded to personal data held in the cloud.
"It is crucial, for European businesses and users, that the data on the cloud is stored in a safe country," said Philippe Juvin, a Member of the European Parliament (MEP), on Thursday.
The E.U. and the U.S. attempted to overcome user mistrust with the Safe Harbor Agreement, but is widely seen to have failed. Under the agreement, U.S. organizations self-certify their adherence to principles of data security, but there is very little enforcement and some U.S. legislation, in particular the Patriot Act, can override these principles.
Lawyers such as Theo Bosboom of Dirkzager Lawyers see the Safe Harbor Agreement as outdated. "I'm afraid that safe harbor has very little value anymore, since it came out that it might be possible that U.S. companies that offer to keep data in a European cloud are still obliged to allow the U.S. government access to these data on the basis of the Patriot Act," he said. "Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."
MEP Sophie In't Veld, too, is no fan of the agreement. "Safe harbor nice idea, but it didn't work. When it was set up, times were different and it has almost become redundant by technological progress. We are increasingly aware of problem areas of jurisdiction between the E.U. and U.S. and a voluntary scheme like safe harbor is not a strong concept and will not solve these problems," she said.
The E.U. is currently in talks with the U.S. over sensitive data transfers across the Atlantic and a new European Data Protection Directive will be published in early 2012, which Justice Commissioner Viviane Reding promises will include measures to cover data in the cloud, but it appears that European could services still have a unique marketing opportunity.