Unleashing the potential of cloud computing in Europe

The Committee on Industry, Research and Energy adopted the own-initiative report by Pilar del CASTILLO VERA (EPP, ES) on unleashing the potential of cloud computing in Europe.

The Committee on Legal Affairs and the Committee on Civil Liberties, Justice and Home Affairs, exercising their prerogatives as associated committees under Rule 50 of Parliament’s Rules of Procedure, were also consulted and gave an opinion on the report.

Members welcomed the Commission’s ambition to develop a coherent approach to cloud services, but considered that, in order to achieve the ambitious goals set out by the strategy, a legislative instrument would have been more adequate for some aspects. Owing to the limited budget of the Connecting Europe Facility, Members felt that support for broadband deployment needed to be supplemented with assistance provided under other Union programmes and initiatives, including the European Structural and Investment Funds.

The report also stressed the obvious interest for the EU in having more server farms on its soil since it would foster trust by ensuring EU sovereignty over the servers.

The cloud as an instrument for growth and employment: cloud computing could become a transformative development in all sectors of the economy, with special relevance in areas such as health care, energy, public services and education. Members noted that e-skills and digital education actions in cloud computing development could, consequently, be of extraordinary importance in order to tackle the rising unemployment, especially among young people. They recalled the need to create more qualification schemes for specialists managing cloud computing services. They also highlighted the positive impact of cloud computing services on SMEs, in particular those established in areas facing economic difficulties.

The EU market and the cloud: the report stressed that the internal market should remain open to all providers complying with Union law. They insisted that the Commission take measures to counter the risk that information was accessed directly or indirectly by foreign governments, where such access was not allowed under Union law.

Members also emphasised the importance of ensuring a competitive and transparent Union market in order to provide all Union users with secure, sustainable, affordable and reliable services.

Public procurement: the report encouraged public administrations to consider safe, reliable and secure cloud services in IT procurement, while underlining their particular responsibilities with respect to protection of information relating to citizens, accessibility and continuity of service. It recalled that data integrity and security must be guaranteed and unauthorised access, including by foreign governments and their intelligence services without a legal basis under Union or Member State law, prevented.

The Commission was asked to take the lead in promoting standards and specifications supporting privacy-friendly, reliable, highly interoperable, secure and energy-efficient cloud services.

Consumers: Members asked the Commission to ensure that any commercial agreements between telecommunications operators and cloud providers are fully compliant with EU competition law and that they allow consumers full access to any cloud service, using an internet connection offered by any telecommunications operator.

The Commission was asked to explore appropriate measures to develop a minimum acceptable level of consumer rights in relation to cloud services, covering issues such as privacy, data storage in third countries, liability for data losses and other matters of significant interest to consumers.

Intellectual property: the report urges the Commission to take action to further harmonise laws across the Member States in order to avoid jurisdictional confusion and fragmentation and to ensure transparency in the digital single market. It called, in particular, for clarification of the intellectual property rights regime and for a review of the Unfair Commercial Practices Directive, the Unfair Contract Terms Directive and the E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing.

The Commission should also:

• establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;
• investigate how the cloud storage of copyrighted works affects the royalties systems and, more specifically, the ways in which private copying levies that are relevant for certain types of cloud computing services are imposed;
• promote the development of decentralised services based on free and open-source software that would enable EU citizens to regain control over their personal data and communication.

Data protection: the report called on the Commission and the Council unequivocally to recognise digital freedoms as fundamental rights and as indispensable prerequisites for enjoying universal human rights.

Members regretted the approach in the Commission’s communication whereby it failed to mention the risks and challenges attached to cloud computing, and urged the Commission to develop a more holistic communication on cloud computing that takes into account, alongside a reference to fundamental rights, at least the following:

·        guidelines to ensure full compliance with the EU’s fundamental rights and data protection obligations;

·        limitative conditions under which cloud data may or may not be accessed for law enforcement purposes,

·        safeguards against illegal access by foreign and domestic entities,

·        proposals on how to define the ‘transfer’ of personal data and on how to update standard contractual clauses that are tailored to the cloud environment.

The Commission was urged, when negotiating international agreements that involve the processing of personal data, to take particular note of the risks and challenges that cloud computing poses to fundamental rights.