Monday 13 June 2011

MEPs and the cloud

I spent a very interesting evening at the offices of Covington & Burlington last Wednesday. Dan Cooper, a data protection blogger who must be even more prolific than me, had organised a session with the European Privacy Association. Who are they? They’re the first European independent organisation dealing with personal information. They see themselves as a gateway to European privacy experts, policy-makers, and a primary place for discussion, debate and education/information, EPA is structured to facilitate effective decision making, working up positions and developing new solutions and strategies.

A couple of the key EPA players, who attended and spoke at the event, were Paulo Balboni, and Pietro Paganini. Also present was EPA Chairwoman, Karin Riis Jorgensen, a former Danish MEP. With an executive Board comprised of Christopher Kuner (from Hunton & Williams), Jules Polonetsky (Co-chair and Director of the Future of Privacy Forum) and Richard Purcell (President & Executive Director of the Privacy Projects and the CEO of Corporate Privacy Group, and Microsoft’s original privacy officer), they are a force to be reasoned with. They occupy a slightly different space to that of the International Association of Privacy Professionals, and it will interesting to see how both groups fare as they seek to extend their reach throughout Europe.

But back to the plot. The focus of the evening (before wine and cheese broke our concentration) was on cloud computing. In particular what it was, and what it was likely to become, given favourable investment conditions and a fair regulatory wind.

This is where the fun really began. We can all see the economic advantages in cloud computing, so long as the regulatory climate is proportionate and can straddle the conflicting demands of local cultures and global infrastructures.

One of the former MEPs at the session made an extremely significant intervention in a debate among some of the legal wonks about whose responsibility it was to ensure that an appropriate legal environment could exist to legitimise all this cloud computing. His message was direct and simple. It was that we should not assume that MEPs either knew about or necessarily cared about these matters. Cloud computing wasn't on the European Commission’s packed agenda for 2011, and even if it could be squeezed in, he feared being swamped in a tsunami of briefing documents that would both overwhelm his electronic in-box and totally confuse him as these abstract legal concepts were so hard to get your head around.

So, in short, if we are to expect help from the European Commission, we are likely to be towards the end of a very long queue.

Instead, what was needed, was for industry to develop its own solutions. We should not expect public servants to be capable of always serving our needs. They can be just as bewildered as the rest of us. And as for getting a workable solution from a team of people, each representing special interests that need to be bartered away in a corner of a Committee room in the Berlaymont building in Brussels, well think on. We’ve seen what’s happened to legislation on “cookies”. And we really think that we can rely on the EU to offer us a stable legal structure when their heads are thinking of clouds?

Perhaps the EPA is one of the organisations to lead on such complicated issues – and let’s hope they find simple solutions before we all wake up and smell the reality. Which will be that the technologists have beaten the lawyers to it. And so we’ll work with the technical reality well before we can be told that, actually, its legally legitimate.

No change from what we've all been doing for years, really.