Out-Law News 2 min. read
03 May 2013, 3:31 pm
A major cloud services provider has begun building a data centre in the UK after admitting that data protection concerns have so far held back its efforts to win government contracts here.
Salesforce said that it is building the new data centre in Slough, which is expected to be completed next year, in an effort to win work from the UK Government.
"We're getting fantastic European growth but we don't do a lot of business in the government sector," Steve Garnett, the chairman of Salesforce in Europe, the Middle East and Africa, said, according to a report by ZDNet. "Some of that is to do with Safe Harbor agreements and data residency, and we can do a certain amount of business with some authorities, but for certain levels of security of data we just haven't been able to do business with them."
Garnett said that the UK data centre "is not necessary" for Salesforce's business customers but that the company could give firms the option of locating data specifically in the UK. He said that the UK data centre would be "of the same magnitude, same size [and] same capabilities" as its existing data centres in the US, Singapore and Japan.
Current EU data protection laws prevent organisations from sending personal data outside of the European Economic Area (EEA) except where adequate protections have been put in place or in circumstances where the destination country has been pre-approved as having adequate data protection. Only a handful of countries, including Argentina, Canada and Switzerland, have qualified as having adequate protection.
The European Commission and the US Department of Commerce have an agreed framework in place that allows for the transfer of personal data from Europe to the US where data protections meet EU standards. US organisations that conform to requirements of the Safe Harbor scheme are deemed as having met European safety standards outlined in the EU's Data Protection Directive.
In a recent event hosted by Salesforce, the company's chief scientist JP Rangaswami described data protection as being a "core concept" in cloud computing. He said cloud providers can play a role in helping firms to meet their data protection requirements by being open about how the handle personal data.
"The phrase people use is informed consent," Rangaswami said, according to a report by V3. "To get informed consent people need to know what is being collected and how it is being used. The customer needs to be aware of that, they need to know what is being collected. This is because it's not our information. The best we can do is ensure what we hold is solid and that we give our customers the ability to communicate back to their customers."
At the Salesforce event, the vice president of technology giant Philips, Wim Van Gils, said that businesses need help from cloud providers in order to be more "explicit" with consumers about cloud services privacy implications.
"We want to be very explicit about what information we're collecting and how we're using it," Van Gils said, according to the report by V3. "Not in some 15-page legal [document] showing what they agree to, we want to bring it up front because we believe it's one of the foundations of becoming a digital company. We need all the help we can get because this is quite new. Most companies are very implicit about it and I think we're entering an age where we need to be explicit about it."
