The European Parliament has backed a new resolution on cloud computing in response to actions the European Commission has set out under its cloud computing strategy. The Commission has engaged the European Telecommunications Standards Institute (ETSI) to help set out what new standards are required for the way that cloud services work.
Standards that could be formed may relate to data security, interoperability and data portability, the Commission said previously.
In their new resolution, MEPs welcomed ETSI's participation in the standard setting process and added that the standards being created "should enable easy and complete data and service portability, and a high degree of interoperability between cloud services, in order to increase rather than limit competitiveness".
The resolution also set out the Parliament's view that cloud providers should be said to be 'data controllers' under EU data protection laws where they benefit from an "imbalance" in the contract terms that allows them to set "the purposes, conditions and means" by which data stored on its servers is processed. Where such a situation applies, cloud providers should "become jointly liable with the customer" in relation to their data protection obligations, it said.
The MEPs also used the resolution to call on the Commission to establish clear laws on how copyright applies in the context of the cloud. It said that rights holders should enjoy "fair compensation for the use of their work" in the cloud, but questioned whether it is appropriate to impose levies on those services to account for private copying. Some EU countries apply private copying levies to some physical recording and storage media to ensure rights holders are compensated fairly for private copying undertaken by consumers.
The Commission should "investigate the different types of cloud computing services, how the cloud storage of copyrighted works affects the royalties systems and, more specifically, the ways in which private copying levies that are relevant for certain types of cloud computing services are imposed," the resolution said.
The MEPs also expressed disappointment that the Commission's cloud computing strategy did not account for "collateral aspects such as the energy consumption of data centres and related environmental issues".
In response to reports about alleged US surveillance of data stored by some major US technology companies, including cloud providers, MEPs also called for the Commission to lay out new guidelines for businesses on how they can "ensure full compliance with the EU’s fundamental rights and data protection obligations".
They also called for the Commission to set "limitative conditions under which cloud data may or may not be accessed for law enforcement purposes, in compliance with the EU Charter of Fundamental Rights and with EU law".