Joanne Frears| Theguardian
Data protection is coming of age. 2014 means it’s 16 years since the Data Protection Act was enacted, but the technical environment has evolved almost beyond recognition in that time.
In the wake of Edward Snowden’s spectacular whistleblowing around Prism in 2013 the question is whether 2014 will be a year spent wondering how safe our personal data is, or one where legislators respond to industry and consumer calls for better data security.
US Consumer Bill of Rights
The US will have to work hard in 2014 to shrug off the Snowden revelations. Obama’s defence of the NSA may be ‘party line’, but since 2012, his administration has been pushing for an overhaul of privacy protection with the Consumer Privacy Bill of Rights.
In 2014, this US wide legislation might well make it into the statute books. US consumers will finally be able to control what personal data is stored and how it is used. They will also be able to ensure their personal data is accurate and to expect it is held securely and only used for the purpose it was collected for.
European cloud security
I see a spring in the step of EU legislators, who are moving quickly (well, quickly for a bunch of lawyers) to pull together regulations for cloud security. The European Cloud Partnership (ECP), tasked with setting a digital agenda for Europe has called for further harmonisation of member states’ national laws regarding location of data; ownership of digital content and fair and transparent rules for access to data.
With the real prospect of being the first legislators to tackle cloud security and engage with industry to adopt better regulation, I foresee the EU setting the agenda for cloud security for consumers and, if it can, for governments too in 2014. What will be on that agenda?
Business and consumer cloud users are calling for regulations to make changing cloud service providers easier. 2014 will be the year when data movement finally becomes fluid.
Model contracts making legal rights/obligations clear
Data portability shouldn’t be difficult, but most cloud service providers’ (CSPs) contracts make it so. This leads me to another prediction for 2014; standard industry contracts for public and hybrid cloud services. Trust is key and to some extent industry interoperability standards still need to be established, but again, the EU has responded quickly and the industry is onboard with its vision.
New EU consumer protection legislation will also effect cloud provision for consumers and the requirements of that legislation are that contracts must be ‘safe’ and ‘fair’, which should aid consumer choice.
Certification of trustworthy cloud providers
Finally, another ECP initiative is to certify cloud providers. This ‘get with the programme’ approach led to significant advances in confidence in e-commerce years ago. The idea that TClouds are resilient, secure and scaleable is a welcome initiative that will gain traction in 2014. Certified clouds with the assurance and reassurance that brings will lead to better take up and wider use of different services for different requirements across CSP.
2014 will see the cloud start to mature. Luckily, 16 years of data protection have created expectations of good practice, insight and useful perspective on how we achieve this.