Out-Law News 2 min. read

New rules should prevent cloud providers arbitrarily cancelling services or deleting data, says MEP


EU businesses should have greater rights to prevent cloud providers cancelling services or deleting data, an MEP has proposed.

In a document detailing suggested amendments (29-page / 223KB PDF) to a draft opinion for the European Parliament's Civil Liberties, Justice and Home Affairs (LIBE) committee, Dutch MEP Judith Sargentini called on the European Commission to address an imbalance in the terms and conditions set by cloud providers for the use of their services.

Sargentini suggested the Commission write new rules that have the effect of protecting cloud customers from the "arbitrary cancellation of services and deletion of data". The proposals should also guarantee cloud users' "a reasonable chance" in recovering "stored data" in cases where services have been cancelled or data removed by providers, and the Commission should also set "clear guidelines" to enable "the easy migration" of cloud customers from one cloud 

Sargentini had previously issued a draft opinion (3-page / 82KB PDF) for LIBE on plans put forward by the Committee on Industry, Research and Energy at the Parliament to establish a resolution on cloud computing, following the publication of the European Commission's cloud computing strategy last year.

A number of LIBE committee members have now suggested that a number of amendments be included in the resolution, particularly in relation to data privacy in a cloud context.

One MEP suggested that the resolution should state that public authorities, non-governmental services and companies "should rely as far as possible on European clouds when processing sensitive data", whilst a separate proposed amendment would, if backed, require cloud providers to prevent data from being accessed, on an unauthorised basis, by foreign governments. 

Recent media reports have raised questions about the privacy of data stored by major technology companies, including some which provide cloud computing services. A whistleblower who worked at US intelligence body the NSA has leaked details about a computer programme called 'Prism' that is used by the NSA to gather data from the tech firms. 

Amidst uproar from privacy groups, US government and intelligence officials have claimed that data is accessed in line with the US' Foreign Intelligence Surveillance Act (FISA). Many of the tech firms have denied knowledge of Prism and claimed that they do not participate in any surveillance programme that involves granting direct access to their systems.

According to one proposed amendment to Sargentini's draft opinion, cloud providers whose services are provided in a "third country jurisdiction" would be required to issue a "clear and distinguishable warning" to EU users about the potential for there to be surveillance of their data and individuals should be asked to provide their "explicit consent for the processing of personal data" after being provided with this information.

There should be "effective, proportionate and dissuasive administrative sanctions" available to serve on cloud computing providers that "do not comply with EU data protection standards", another MEP recommended.

A resolution that has been voted through by the European Parliament is not a legally binding piece of legislation, but it signals MEPs' commitment to driving discussion, debate or future legislative plans in a particular direction. 

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.