Fast Technological Evolution Calls for Fast Law Development
Cloud computing is appearing to be the prevailing technological standard adopted by more and more companies and individuals across the world. This fast expansion of the Cloud naturally also calls for comprehensive and realistic regulation. However, without a useful working definition of the Cloud between the US and EU, and ways to measure tech trends economically, regulators will continue to fall behind the growth curve.
The last decade has seen unprecedented growth in the amount and genres of digital data and, at the same time, faster than ever evolution in the technologies applied for handling these huge volumes of information. Cloud computing is appearing to be the prevailing technological standard adopted by more and more companies and individuals across the world, thanks to its economies of scale and efficiencies.
This fast expansion of cloud technologies over previous norms naturally also calls for comprehensive and realistic regulation of this emerging market, its actors and norms. However, so far it is a common view that regulators have failed to produce a framework on the Cloud that lives up to the current or impeding technological status; on the contrary, all regulatory efforts fall behind compared to the technical status quo. There are two main reasons for this and two potential solutions I wish to put forward for debate.
1. Standardize a Definition of Cloud Computing between the US and EU
Given the fact that the wider public first came to know about cloud computing through applications that had to do with online file storage and transfer, it is commonly erroneously perceived that cloud technologies are the latest version of data handling technologies. Unfortunately, this is gravely false!
Data management related applications are only one aspect of cloud computing and, certainly, a regulatory approach for the cloud which departs from data management is almost bound to fail to provide sufficient answers for all cloud applications and their particularities. Therefore, regulators and policy makers on both sides of the Atlantic urgently need to discuss and agree on a unanimous, up-to-date definition of cloud computing, realizing that the Cloud, as a regulatory subject, is not a newer version of the so called ‘data transfers regulation' but a completely new field of its own.
The sooner we realize that in order to effectively regulate the Cloud we need to start building a set of rules from scratch and not just amend existing ones regarding data protection, e-commerce, online privacy and other neighboring notions, the better our chances to finally have one day a truly efficient set of rules regarding Cloud Computing.
2. Measure Technological Trends Economically
IT, in general, and Cloud Computing specifically, have traditionally proved to be too fast to catch for regulatory authorities both in Europe and the US. Technology moves on so fast and the adoption rate by end users is actually so quick that the standard decision-making procedures followed by regulatory authorities miserably fail to produce any set of rules that corresponds to where things stand right now technologically, let alone be sufficiently ahead of time in order to effectively regulate the relevant market in the foreseeable future from the moment they enter into force.
This gap between technological standards and legislative delay could be effectively bridged by the use of economics: cloud computing and its relevant market is a totally new one, closely inspected and financially documented right from its infancy. As a result, we already have available an indispensable pool of data that expose in detail how the Cloud has grown as a business, what was the exact path from its laboratory applications to mass availability, as well as what current users expect from it.
Using financial projections, we could have quite trustworthy indicators of where cloud-based applications are heading and what their main upcoming features will be. If regulators pay attention to these indicators well in advance, they will be able to work on producing legislation, which, by the time it becomes binding, will be, if not one step ahead of where things will stand technologically at that moment, at least on a par with the market it aims to regulate.
This fine-tuning between regulation and technical standards, if achieved, will be mutually beneficial for regulators and the market alike. On the one hand, it will finally equip regulatory authorities with a set of rules in touch with reality that will provide immediate and persuasive answers to current regulatory issues. On the other hand, it will also be good for the market and technology itself, as it will not stand in the way towards further evolution and it will clear the way for the next steps of advancement.
All things considered, regulating the Cloud in an effective, transatlantic manner is not a project that would only require the EU and US to talk with one another. Primarily, it necessitates that authorities from both legal orders listen to what computer science has to teach us regarding the precise nature of Cloud Computing and, on a second level, profit from economics (and other sciences offering tools for behavioral description) in the strive for not just comprehensive but also up-to-date regulation.
Xenofon Kontargyris is a PhD researcher on Cloud Computing Regulation at the University of Hamburg Faculty of Law, AMBSL Graduate School.
- Atlantic-Community.org in Transition
- Towards a More Inclusive Transatlantic Partnership: Update on the 2nd Atlantic Expedition
- Topic of the Month: The Future of Health Care
- Do We Need Data Donations?
- eHealth - Tele-Monitoring and Tele-Medicine - Digital Innovation in the Life Science Sector in Germany