Taking on the Cloud Challenge in Europe

Transcription

1 Taking on the Challenge in Europe scape VII Conference, Brussels Jonathan Sage Government and Regulatory Affairs Cyber Security and Policy Lead, uk.linkedin.com/in/jonathansageibm 2015 IBM Corporation

2 High level industry concerns in 2015 in terms of Policy NEGATIVES towards Localisation - Local and regional cloud suppliers cloud s Snowden revelations created Business Fear, Uncertainty & Doubt in 2013 This has not yet blown over surveillance and privacy concerns for users are still acute Digital Protectionism, trade barriers there are more and more manifestations of restricting the cloud market in Europe, using data protection or security as an excuse Data transfer transfer mechanisms upon which businesses depend are being questioned and possibly suspended POSITIVEStow EU Policy - EU developing special conditions for Europe, to specific EU ards level certification, specific codes and contract terms which are now coming on stream and should build trust and confidence DSM a chance to get the balance right? 2

3 Regulatory and quasi- regulatory initiatives affecting Proposals / Initiatives in play Data Protection General Data Protection Regulation (GDPR) replacing the 95/46 Data Privacy Directive Cyber Security Network and Information Security Directive Computing Copyright Danger of backdoor regulation through GDPR and NIS risk of levies on cloud in Copyright reform Assertion that Copyright needs reform urgently which could have an adverse effect 3

4 and soft / hard regulation No specific legislation proposed 2012 Communication on Computing still the basis of policy on to that shortly But regulation by the back door via NIS and GDPR also possibly standards and certification.. Trust crisis post Snowden and European protectionism Question about regulating essential platforms possibly using Art 102 Multiple problems with NIS and GDPR Brings confusion into the current separation between Data Controller and Data Processor which underpins enterprise 4

5 Effects of GDPR and NIS on policy Premise that there is a significant problem with technology espec. social networks with regard to data privacy and security Update on Dir 95/46 crucial to provide higher levels of protection Multiple problems with implementation Brings confusion into the current separation between Data Controller and Data Processor, makes big data analytics in the EU difficult if not impossible to roll out. 5

6 Specific example Computing difficulty of defining Broad concept of computing depending on the definition could be equivalent of nearly all IT Services Not everything is critical depends on for what purpose cloud is used Customer Data Controller Normal reporting process in a services agreement Problems facing cloud s in an enterprise environment if they have to report an incident out to another authority 1 Different s 3 Causes conflict between cloud user (data controller) and cloud (data processor) Used for different purposes and functions 6

7 computing strategy strategy's key actions DG CONNECT WGs for the implementation of the strategy The European Commission's strategy 'Unleashing the potential of cloud computing in Europe' Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy Cutting through the jungle of technical standards Development of model 'safe and fair' contract terms and conditions A European Partnership to drive innovation and growth from the public sector. ETSI: Standards Coordination CERT SIG CODE OF CONDUCT SIG SLA SIG Steering Board Now completed Now completed Hopefully close to finalisation Now completed The European Partnership Pre-commercial Procurement Consortium In progress 7