In the wake of the extensive revelations concerning the NSA’s spy programs and digital reach, European lawmakers have renewed a push for stricter rules concerning user privacy rights. According to the New York Times, the idea is that every time data is going to be transferred out of the country, cloud services would have to warn citizens about exactly where their data was going, and what the legal effects might be. In some proposed amendments, such data transfers would actually be barred from taking place unless a series of requirements were met. These would include obtaining the consent of the user, and displaying notifications in prominent locations and clear wording. Exactly what effect such rules would have on services such as Google, not to mention the thousands of other backup, storage, and internet based companies, is unclear. We list a few of the potential scenarios below:
Wasted Money, with No Change
For all of the media’s revelations about NSA programs like PRISM, there has been seemingly little change among consumer or business internet habits. A recent report by Verizon found that cloud-adoption rates among businesses haven’t slow at all. In fact, enterprise companies have doubled the amount of data they’ve put in public clouds over the past 18 months. Such changes are being driven partially by price (private cloud infrastructures are expensive and require dedicated IT teams), but the trend suggests that companies and users aren’t so shaken by the NSA’s on-going data collection efforts as you might expect. If such indicators are true, then these new regulations will do little to change internet usage. They will, however, cost every company that operates global internet services to invest more money and infrastructure into a feature that will likely be ignored (or dismissed as an annoyance) by the vast majority of users. That isn’t even touching on the idea of enforcing such warnings across the entire internet.
Big Players Remain, Small Players Can’t Afford to Play
Internet giants such as Google, Apple, and Amazon will be able to comply with any regulations thrown their way, financially and in terms of infrastructure. Smaller internet companies face a far more uncertain future. Depending on the severity of such restrictions, and the fines for non-compliance, its entirely possible that such rules will limit the number of true global players on the internet. Startup services won’t have the resources to build independent data centers for each country, and may choose to simply operate in the US, for US users. This would fall generally in line with the balkanization idea that we’ve written about before. By far, this is the less ideal scenario. A fragmented internet would serve to isolate poor countries and restrict innovation worldwide.
In order to avoid such outcomes, new restrictions on cloud computing need to be weighed against their potential ramifications for business, and actual user demand. Right now these proposals are originating largely from government officials, not activist groups or business coalitions. Protecting data privacy is a noble and necessary goal, but shouldn’t become an excuse for the balkanization of internet services, or the placing of needless (and ineffective) restrictions on products.