One of the factors limiting the globalization of cloud computing has been concerns about the various legal principles that would be applied by governments in terms of preserving the sanctity of that data. For example, many companies outside the U.S. have been concerned that the U.S. government might apply some of the more draconian aspects of the U.S. Patriot Act to data that belonged to them.
Given the general sensitivity to privacy, this has made many companies outside the U.S. reluctant to store data in data centers that are subject to U.S. jurisdiction. This week, however, Bruce Schwartz, deputy assistant attorney for the U.S. Department of Justice, during a conference call took pains to stress that the Patriot Act does not supersede U.S. international treaty obligations, especially, Schwartz says, the terms of a Convention on Cybercrime that was signed in 2001 in Budapest.
Why Schwartz felt the need to reaffirm a U.S. government commitment to privacy in the cloud this week was a little unclear. But BAE Systems recently announced it was dropping Microsoft 365 specifically due to those data concerns and members of the European Parliament have expressed reservations about the U.S. Patriot Act. Schwartz, testifying before various European Parliament committees, apparently made it clear that the U.S. government feels that the Patriot Act has become a "red herring" issue as it relates to cloud computing. In fact, Schwartz insisted that the U.S. government is as committed to privacy and civil liberties as much as or more so than any nation on the planet. There is, however, no direct U.S. equivalent to the Data Protection Directive in Europe or new data protection legislation winding its way through the European Parliament that could call that statement into question.
Of course, the ultimate proof of that commitment has yet to be seen. And it's not clear if Schwartz was speaking for the current administration or all future U.S. administrations. But what is clear is that the U.S. government is concerned that the perception of U.S. policies around the globe might be having an adverse impact on the U.S. companies trying to compete globally in the cloud. And that, at least, is a step in the right direction.