Verizon Business backs proposed EC cloud computing laws

Verizon Business has emerged as one of the major cloud providers urging the European Commission to introduce Binding Safe Process Rules (BSPR) to boost the use of cloud technology.

As revealed by V3 on Wednesday BSPR will allow cloud firms to assume legal responsibility for information held in their datacentres, thereby removing some of the concerns of companies considering cloud services.

The backing of BSPR was revealed in documents sent to the EC by law firm Field Fisher Waterhouse on behalf of Verizon Business during a consultation on proposed changes to the Data Protection Directive at the start of the year.

"Verizon Business would like to seek appropriate legislative changes to accommodate the BSPR concept within the new framework amending the Directive," the documents said.

"Verizon Business urges the EC to consider this proposal for the purposes of formulating the new legislative framework."

V3 contacted Verizon Business for further comment, but had received no reply at the time of publication.

V3 also contacted several other cloud providers, including Google, Amazon Web Services (AWS) and Salesforce, for their thoughts on the proposed system. Google declined to comment, and Salesforce and AWS have not replied.

The Information Commissioner's Office, which would be the UK organisation tasked with giving cloud firms the right to be responsible for data under BSPR, told V3 that it is aware of the proposals and is monitoring developments.

"BSPR are an interesting concept and we will be following legislative proposals closely as they emerge," a spokesperson said.

Paul Vlissidis, technical director at consultancy group NGS Secure, suggested that the BSPR proposals could provide "a boost for cloud uptake" by making firms comfortable with outsourcing data to cloud providers.

"[BSPR] clear up an important grey area, as many companies already think that cloud security is the responsibility of providers," he said.

"If those providers are now forced to substantially demonstrate their security to customers, that has to be a good thing."

The first draft of the proposed revisions to the Data Protection Directive are likely to be published in November when the extent of the proposals, and those relating to a mandatory breach disclosure notification system for all companies, will be revealed.