RSA 2010: The Need for Workable Cross-Border Regulatory Frameworks

  • Article

Last week, Scott Charney, corporate vice president for Microsoft Trustworthy Computing, gave a keynote address at the RSA Conference in San Francisco about progress Microsoft has made on the company’s End to End Trust vision for a safer, more trusted internet. As part of his remarks, he explained how our vision applies to security and privacy to cloud computing and the need to establish develop clear rules about how the international community handles cross-border data flows.

 

The global nature of the data flows inherent in cloud computing raise a number of policy questions concerning how people, organizations and governments handle information and interactions in this environment. Today, there are conflicting legal obligations and claims of jurisdiction over user content imposed by different governments around the world, which can lead to ambiguity and significant legal challenges.

 

Factors such as these threaten to diminish one of the core value propositions of cloud computing - the substantial economies of scale that can be achieved through a free-flowing “borderless” data center architecture. As the patchwork of worldwide laws has become increasingly difficult to navigate, it becomes increasing important that governments and industry come together to create a workable framework.

 

For our part, Microsoft has continued to work with industry and governments around the world to establish workable global privacy framework that is consistent, flexible, transparent and principles-based. Most recently, Brad Smith, general counsel and senior vice president, Legal and Corporate Affairs, outlined Microsoft’s suggestions to the United States government about how to deal with cross-border and other privacy issues related to the cloud.

 

We are working with data protection authorities from around the world to develop workable regulatory frameworks that take into account the changing nature of data flows. As part of our continued efforts, Microsoft joined with other companies in supporting an initiative launched at the International Data Privacy Commissioners Conference last May aimed at tackling this issue. We also participate in regional efforts such as the APEC privacy initiative, which is working on a regional privacy framework that addresses challenges of cross-border data flow with an ethic of mutual recognition, where more developed economies work inclusively with developing ones.

 

While these are good and important steps, it’s essential that we continue to build on these efforts to ensure we can all take advantage of all of the benefits cloud computing provides. I look forward to continuing to work on this important issue.

 

Peter Cullen, Microsoft Chief Privacy Strategist