Do you have operations in Europe? Don’t expect that what you have in the cloud for the U.S. will be allowed in Europe.
Hosted/cloud communications services, VoIP, IP Telephony and Unified Communications may be very limited in their deployment in Europe. Many people have dual usage cell phones for work and personal use. Over 50% of U.S. employees have a private cell phone plan and use the same cell phone for business. This is also true of PCs, especially laptops. As more enterprises move to Unified Communications with multimedia, find-me-follow-me, presence, and user profiles, the information collected could be abused or sold to organizations to the detriment of the employee and employer.
When employees in the U.S. want to use a hosted IPT and/or UC service in Europe, they may encounter some privacy rules that are not expected. American enterprises have a freer hand with cloud computing services, but not in Europe because of strict privacy regulations. This is not preventing the hosted/cloud services, but is slowing down the adoption.
This situation was described in a New York Times article, "Cloud Computing Hits Snag in Europe, by Kevin J. O'Brien, and published September 19, 2010. The European governments enacted regulations about privacy, in 1995 before today’s Internet existed, that are more stringent than those of the U.S. They fear that by gathering personal information, the information will be used by cyber criminals and marketers once the collected information leaves the boundaries of the European Union.
The European definition of personal data is far broader than in the U.S. Even names, addresses and phone numbers are considered personal data. The European Data Privacy Directive that governs the laws relating to privacy generally prohibits the movement of data outside the EU.
And the situation can be even more complex. The Wall Street Journal article postulates that data originating in Bulgaria could pass through several countries, e.g. Romania, Hungary, Austria, Germany and the Netherlands before the data left the EU. Would the U.S. cloud service have to apply for permission from all of these countries? There is no answer yet, but these complications might prevent the use of hosted/cloud computing for most applications. At this time only the U.S., Argentina, Israel, Andorra and Canada have applied for approval to be designated as cloud computing centers.
U.S. businesses that offer cloud computing are lobbying the EU to consider relaxed regulation for information that crosses country borders. Big U.S. firms like Google, HP, Microsoft, and Oracle are pushing for less regulation. Other firms are looking to develop methods that would meet the complex European legal requirments. Another possible technique that may satisfy the regulations is to allow the user to control the information collected and distributed.
A review of the privacy regulations began last year. The results of the review are not expected until mid 2011. This means that any enterprise that plans to use cloud computing in the EU does not have a clear picture. Starting the use of hosted/cloud based communications for U.S. to/from the EU may be very limited. Further, the rules may change in two or three years, requiring modification to the cloud implementation.
