Cloud computing: fast technological evolution calls for fast law development; how can we make this happen?
The last decade has seen unprecedented growth in the amount and genres of digital data and, at the same time, fastest than ever evolution in the technologies applied for handling these huge volumes of information. Cloud computing is appearing to be the prevailing technological standard adopted by more and more companies and individuals across the world, thanks to its economies of scale and efficiencies. This fast expansion of cloud technologies over previous norms naturally also calls for comprehensive and realistic regulation of this emerging market, its actors and norms. However, so far it is common view that regulators have failed to produce a framework about the Cloud that lives up to the current or impeding technological status; on the contrary, all regulatory efforts fall behind compared to the technical status quo. There are two main reasons for that and two potential solutions I wish to put forward for debate:
a. so far, most regulatory approaches about the Cloud fail to actually focus on the Cloud: given the fact that the wider public firstly came to know cloud computing through applications that had to do with online file storage and transfer, it is commonly erroneously perceived that cloud technologies are the latest version of data handling technologies. Unfortunately, this is gravely false! Data management related applications are only one aspect of cloud computing and, certainly, a regulatory approach for the cloud which departs from data management is almost bound to fail to provide sufficient answers for all cloud applications and their particularities. Therefore, regulators and policy makers on both sides of the Atlantic urgently need to discuss and agree on a unanimous, up-to-date definition of cloud computing, realizing that the Cloud, as a regulatory subject, is not a newer version of the so called ‘data transfers regulation’ but a completely new field of its own. The sooner we realize that in order to effectively regulate the Cloud we need to start building a set of rules from scratch and not just amend existing ones regarding data protection, e-commerce, online privacy and other neighboring notions, the better our chances to finally have one day a truly efficient set of rules regarding Cloud Computing.
b. the pace at which regulatory efforts are moving is desperately slower than the actual pace at which technology evolves: IT, in general, and Cloud Computing specifically have traditionally proved to be too fast to catch for regulatory authorities both in Europe and the US. Technology moves on so fast and the adoption rate by end users is actually so quick that the standard decision-making procedures followed by regulatory authorities miserably fail to produce any set of rules that corresponds to where things stand right now technologically, let alone be sufficiently ahead of time in order to effectively regulate the relevant market in the foreseeable future from the moment they enter into force. This gap between technological standards and legislation delay could be effectively bridged by the use of economics: cloud computing and its relevant market is a totally new one, closely inspected and financially documented right from its infancy. As a result, we already have available an indispensable pool of data that expose in detail how the Cloud has grown as a business, what was the exact path from its laboratory applications to mass availability, as well as what current users expect from it. Using financial projections, we could have quite trustworthy indicators of where cloud-based applications are heading and what their main upcoming features will be. If regulators pay attention to these indications well in advance, they will be able to work on producing legislation, which by the time it becomes binding, will be, if not one step ahead of where things will stand technologically at that moment, at least on a par with the market it aims to regulate. This fine-tuning between regulation and technical standards, if achieved, will be mutually beneficial for regulators and the market alike: on the one hand, it will finally equip regulatory authorities with a set of rules in touch with reality that will provide immediate and persuasive answers to current regulatory issues. On the other hand, it will also do good to the market and technology itself, as it will not stand in its way towards further evolution but it will clear the way for the next steps of advancement.
All things considered, regulating the Cloud in an effective, transatlantic manner is not a project that would need the EU and US to just talk to each other. Primarily, it necessitates that authorities from both legal orders listen to what Computer science has to teach regarding the precise nature of Cloud Computing and, on a second level, profit from Economics (and other sciences offering tools for behavioral description) in the strive for not just comprehensive but also up-to-date regulation. m