European cloud infrastructure providers have given the thumbs up to the proposed regulation from the European Commission on the ‘Free Flow of Data in the European Union.
Cloud Infrastructure Service Providers in Europe (CISPE) has described the motion as a ‘a major step forward for Europe’s cloud industry’.
However, the proclaimed representative of cloud infrastructure providers in Europe adds there is still an additional focus required in key areas including data security, self-regulation, data portability and protection for SMEs.
The proposal adopted by the Commission earlier this month stretched 20 pages, detailing a framework for the Free Flow of non-personal Data in the EU.
Chairman of CISPE, Alban Schmutz says the proposed regulation gives a major boost to EU plans to create a fully integrated digital single market.
“Removing restrictions on the flow of data cross-border will drive business growth and job creation, giving companies in EU Member States access to an internal market on the same scale as their US or Chinese counterparts,” says Schmutz.
“There are still questions to be answered, however.”
Schmutz asserts the most notable issue is the importance for exceptions to the principle of free flow on ground of ‘public security’ to be narrowly defined and for data classification to be harmonised across the EU.
“Security is an essential corollary to promoting the free flow of data,” says Schmutz.
“CISPE is also calling for a harmonised approach that fosters greater trust in cloud services by properly protecting businesses and their data - an approach consistent with the European Secure Cloud initiative actively supported by countries such as France and Germany.”
Schmutz adds the proposed regulation acknowledges the value of self-regulation in the area of data portability – industry self-regulation is a mechanism which is very much at the roots of CISPE.
“CISPE has had the experience of developing a Data Protection Code of Conduct, helping cloud providers and their customers to anticipate their GDPR compliance in relation to so qualified personal data,” says Schmutz.
“We applaud the Commission for taking this innovative approach on self-regulation compared to other more heavy-handed policy choices, and for acknowledging the need to manage, at an EU level, a public register of all restrictions on non-personal data flows across EU.”
CISPE encourages the European Institutions to ensure that a SME-friendly approach is pursued. Schmutz uses the example of data portability, where it is important to analyse what the cost of the requirements would have for SMEs, including new guaranties in case of bankruptcy.
“We need to ensure that the free flow of non-personal data helps European SMEs rather than creating additional burden for them”, concludes Schmutz.
CISPE is the trade association of cloud computing infrastructure companies in Europe, operating data centres in more than 15 European countries. CISPE member companies serve millions of business customers across all European countries.