Memo 49: Creating Cloud Norms While Keeping Innovation Alive
Memo 49: Our Cloud Theme Week looked at the ways in which current regulation on Cloud technology has fallen short or lagged behind innovative technological growth. As part of our new project "Transatlantic Digital Dialogue" we published five articles (February 9 – 13) on Cloud computing and its increasingly important role in business and consumer applications.
As this technology becomes increasingly important for both business and consumers, how the government regulates and addresses data protection and risks inside the Cloud is important to future policy discussions. The impact of such regulation will be critical for both the US and EU moving forward.
1. Realize the uniqueness of Cloud computing when creating new laws
The complexities of the cloud combined with a lack of binding legislation means that current guidelines on the subject often substitute for actual law (Neal Cohen). Using these guidelines, company compliance departments often interpret contradictory frameworks for understanding the full scope and risk of managing Cloud data (Steve Durbin). Thus, clarifying existing guidelines through creation of actual law would help here.
2. Track tech growth through economic and financial forecasts
The regulatory lag behind technological innovation is a perrenial problem for policymakers, and while preventing abuse is important, so is the need to encourage economic growth and innovation. This means that regulators must look ahead of the current economic trends in Cloud computing instead of focusing on what has already gained prominence. Tracking financial investment in specific sectors of the Cloud computing industry (Xenofon Kontargiris) would allow for this awareness in long-term trends, with overall financial forecasting providing a good way to keep ahead of the curve instead of constantly lagging behind it.
3. Integrate IT and Computer Science experts into the discussions
The ubiquity of the Cloud for consumers and business means that technological advancements will continue to make the Cloud even safer and friendlier to use (Dr. Kolesnichenko and Dr. Smorodin) but in order to do this an integrated approach should be applied. The technological aspect allows one to create common Cloud architecture for many different local Clouds, while the separation of "security" definitions helps clarify what is needed. Finally, IT and Computer Science experts need to be included in the policymaking discussions so that data protection and privacy concerns adequately address the tech-specific needs of the Cloud.
One area that IT experts can help is in developing more transparency within the Cloud service, which as it currently stands, is often opaque and far-removed from the user (Dr. Jatinder Singh and Dr. Julia Powles). Increasing transparency will also address the multiple functions of the Cloud as both a fiduciary and protector of confidential and sensitive information.
Neal Cohen is a fellow at the Berkman Center, researching and analyzing the global convergence of data protection and privacy laws and their greater impact on society.
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments.
Xenofon Kontargyris is a PhD researcher on Cloud Computing Regulation at the University of Hamburg Faculty of Law, AMBSL Graduate School.
Olga Kolesnichenko is the Editor in Chief of Security Analysis Bulletin, PhD, researcher of Big Data at Lomonosov Moscow State University, Department of Global Processes.
Gennady Smorodin is the Head of EMC Academic Alliance Russia & CIS, PhD, MBA, he coordinates projects in universities in 7 countries.
Jatinder Singh is a Senior Research Associate at the Computer Laboratory, University of Cambridge. He works on issues of management control in distributed systems, particularly for cloud and IoT, and is involved in the Microsoft Cloud Computing Research Centre, which explores the tech-legal intersection of cloud computing.
Julia Powles is a lawyer and researcher at the Centre for Intellectual Property and Information Law, University of Cambridge, where she works on the law and politics of information-based assets, from data privacy to patent law.
Atlantic Memos showcase the best ideas and arguments from debates in the Open Think Tank on www.atlantic-community.org. Please take the next step and help us spread the word. You can download a PDF copy of this Atlantic Memo to distribute to your local or national decision-makers. The recommendations expressed above come from your Atlantic Community.
- Atlantic-Community.org in Transition
- Towards a More Inclusive Transatlantic Partnership: Update on the 2nd Atlantic Expedition
- Topic of the Month: The Future of Health Care
- Do We Need Data Donations?
- eHealth - Tele-Monitoring and Tele-Medicine - Digital Innovation in the Life Science Sector in Germany