The EU Plans to Keep Data Inside Its Boundaries

We have written before about the impact of data privacy concerns in hosted applications. Some countries are concerned about eavesdropping by foreign government agencies, and this has the potential to impact the way SaaS applications are deployed (take note hosted APM vendors.)

You might have noticed lately that if you visit web sites in Europe, like the Economist, they display prominently that their site uses cookies.

An Aside:  You can set browsers to block third-party cookies, which track what web sites you visit.  For example, if you do that in Chrome and then go to the WashingtonPost.com this picture below shows some of those cookies that are blocked.  Here you can see doubleclick.net, who is one of the internet’s largest advertising companies.

Cookie

European regulators and Facebook have been at odds for years over the issue of privacy.  (The Europeans too are suing Google for monopolistic practices, saying they list their own products, like Google Maps, ahead of their competitors in searches.)

That percolating problem has now become a full-blown crisis, because of relations about spying by the NSA.  That Facebook might not be respecting European privacy rules seems trivial given reports that the US has been tapping into the cell phone of German Chancellor Merkel for years.

The French too are sensitive to privacy issues and have their own experience living under Nazi government.  But they are less muted in their criticism, in part because their own espionage service was shown to be tapping into data servers as well.

But French complicity aside, the French and Germans are determined to put in place something that would keep data on their citizens inside European borders.  Toward that end, the President of France and the German Chancellor met recently to discuss how to start or study that effort.

Reuters reported that Chancellor Merkel said, “We’ll talk with France about how we can maintain a high level of data protection. Above all, we’ll talk about European providers that offer security for our citizens, so that one shouldn’t have to send emails and other information across the Atlantic. Rather, one could build up a communication network inside Europe.”

Reuters says the French support Germany on this idea.  A French spokesman told Reuters, “Now that the German government is formed [There were new elections there recently.], it is important that we take up the initiative together.”

Reuters further reported that the Chancellor is critical of Google and Facebook who keep data on German citizens, a country with strong privacy protections, in a country with few privacy protections.

Estonia’s president has weighed in.  (Estonia is another member of the European Union.) He told Zdnet, “Recent months have proven it again: it is very important for Europe to create its own data clouds, operating under EU law and completely safe for users. Right now, 95 percent of the cloud services used in Europe are provided by US companies. EU data protection legislation also needs to be modernized and we should understand that big private firms are able to gather more information than any state,”

This movement is what some analysts already predicted will happen as the Chinese, Iranians, Syrians, and the Americans have militarized the internet.  Even Brazil wants to carve out its communications network where data passing from one Brazilian to another does not have to travel across fiber cable located in, say, Ashburn, Virginia.

If you think about this, this would be a heavy lift for the French, Germany, and anyone else to avoid the USA.  They have to set routing tables such that traffic does not pass across the USA when not necessary.

(Deutsche Telekom is already working on that.  They call it Schengen Area Routing, which is limited to the European Union.)

To meet any proposed new rules, cloud-service providers would have to physically located in Europe and make sure they are not replicating data to any data center located in the USA.  Would that rule out American firms altogether?

What about email?  To keep email inside Europe, someone would have to set up email systems that was different from Yahoo, Gmail, or Hotmail.  Those mails would only stay out of the USA if two people communicating with each other both used both European mail servers and they used ISPs who would follow the Deutsche Telekom model.

The other issue is where do they buy hardware?  Cisco and other American vendors could be pressured by the American’s to install backdoors into their devices thus allowing the NSA to coopt whatever the French and Germans have been in place.  Nokia Siemens would be an obviously candidate to replace Cisco.

Here is what Bloomberg says, “The smooth flow of online communication and commerce between Europe and the U.S. is at risk of interruption, thanks in part to naked opportunism on the part of European telecommunications giants.”

Bloomberg is referring to the Schengen Area Routing we mentioned above and Deutsche Telekom’s money-losing T-Systems division.  Bloomberg writes, “Now, in response to customers’ loss of trust in American services, Reinhard Clemens, T-Systems’ chief executive officer, says he wants to refocus the company on providing cloud services.”

What is all of this going to mean for your European customers and how will these subnets of the internet really American businesses?  What about multinational firms that operate in the US and Europe?  This is a story that will unfold over the next many years, but could affect sales right now.

This has an impact on the APM industry, as many vendors offer SaaS versions of their software. Data about the performance of your applications resides – somewhere. One sure way to avoid these kinds of privacy concerns is to host APM software inside the walls of the enterprise. Did we mention that our SharePath enterprise APM software is hosted on your company’s premises?