PRISM fallout could cost US cloud industry billions, warns Europe's digital chief

PRISM fallout could cost US cloud industry billions, warns Europe's digital chief

Summary: US cloud service providers could miss out on business from EU firms because of anger of US government surveillance programmes, warns the EU's digital chief.


US cloud providers could miss out on billions of Euros-worth of deals as a result of European concerns around US government surveillance programmes, the EU's digital chief has warned.

Revelations about the PRISM surveillance project, and other initiatives allowing the US government to access data held by American tech firms, could damage willingness by EU firms to host data with US cloud providers, said Neelie Kroes, the European Commissioner for Digital Agenda.

Read this

European Commission 'in denial' over Patriot Act loophole

European Commission 'in denial' over Patriot Act loophole

Exclusive: One prominent member of the European Parliament describes how the Commission is effectively in denial over the reach of U.S. law on European citizens.

"If businesses or governments think they might be spied on, they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out," Kroes said at the meeting of the European Cloud Partnership Board in Tallin, Estonia.

"Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally, and providers will miss out on a great opportunity.

"If European cloud customers cannot trust the United States government or their assurances, then maybe they won't trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies."

Kroes warned US cloud providers could fall foul of future European regulation designed to limit EU firms' ability to use cloud providers that didn't meet "security guarantees".

European cloud service providers should take advantage of concerns about data security and "provide services with better privacy protection", she said.

"The cloud has a lot of potential. But potential doesn't count for much in an atmosphere of distrust. European cloud users and, American cloud providers and policy makers need to think carefully about that," she said.

In Kroes' speech questioning US cloud service providers data security, she didn't mention the impact large-scale surveillance projects run by EU member states would have on the data security of EU cloud service providers.

In recent weeks it has been reported that the UK's intelligence agency GCHQ is tapping undersea internet fibre links and French authorities are running a programme to collect and store metadata from internet traffic "for years".

On Thursday, the European Parliament adopted a joint, cross-party resolution to begin investigations into widespread surveillance of Europeans by the NSA.

Topic: Cloud


Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Will tech giants respond?

    Id like to see some response from the tech giants, especially MS who have been working to intergrate SkyDrive across all wp8/w8/xbox platforms. I think lobbying budgets are about to be increased.
    • Well, they know that they are in trouble, as they break the law no matter

      what they do. If they continue as-is, they will suffer a serious crackdown by EU authorities for breach of EU law. If they become compliant with EU law, on the other hand, they will get in trouble with US authorities. The problem is especially grave if they are maintaining servers in Europe they operate under a European subsidiary. Such a subsidiary is inevitably bound by EU law. It normally is NOT bound by US law and US authorities should not be able to compel it to do anything. Of course, they can compel the US parent.
  • Highlighting a problem

    One vulnerability of Cloud services is the ultimate control of the data. Data on an outside server is not totally under one's control. This adds one more point of failure whether by hacking, court order, or subpeona.
  • Thats what the EU is hoping for

    they hate the fact that most people go to online services that aren't in the European Union, because the US companies are getting all the revenue not the EU counterpart.
    • stupid spam filter

      I wouldn’t be surprised if that is the main reason for the eu stance. the fact that they do the same thing doesn't matter. They are looking for an excuse to scare people there onto European services where they can more easily monitor those systems.
      • Are there really any EU corporations or citizens who are stupid enough

        to believe their own EU governments aren't also doing this? This is just deflection to make EU residents focus elsewhere and no one should be stupid enough to fall for this. I brought this up before the UK and France were exposed as doing the same thing. You can bet your bottom euro that all EU member nations are. And yeah the EU bodies do hate that all the money generating services are owned by Google and Apple and Microsoft and Amazon and Netflix and on and on that are all US corps even though they keep their EU profits outside the US. If you want something secure in the cloud heavily encrypt it
        Johnny Vegas
        • The UK Government may have to answer in court

          The UK is actually being investigated for illegally hacking other EU members communications and could be pursued by the EU in the European Court of Justice. Germany is the leading country within the EU block. The German economy is much larger than the UK and their influence and power is much greater and since the German's are known for protecting their privacy I think that they will be pivotal and how the EU responds to the UK. At the moment the UK seems out of step with the EU but London will be brought to heel by them. That's how it always happens.
        • Jingoist much?

          You miss the point. If an EU government does it, there is easy redress for anyone in the EU when it comes out.

          If the NSA does this and hands your data on a silver plate to a US competitor, then the EU entrepreneur can close up shop and that's that.
      • Of course they are looking for an excuse.

        and thee US government sure delivered a really sound one.
  • Greed has its downside

    Lie with dogs, get up with fleas.
  • "ANGER"????

    Well, it isn't "anger" over the surveillance. That's actually ridiculous, and appears to steer attention away from the real reason. Which is the FACT that the US is doing this surveillance. That is an unwanted "bug" in our product offerings, and others will offer a service perceived as having less "bugs".

    It's "competition", and the US government has provided a tidy competitive advantage to all non-US services (whether they actually do anything similar or not, which is why I said "perceived" above).

    In fact, I don't see any hint of "anger" in Kroes' statements. So why did you, Nick, decide to cast it that way? Let's keep the story on point:

    "US cloud service providers could miss out on business from EU firms because US government surveillance programmes violate EU laws, warns the EU's digital chief."

    THIS is the story. The criminal actions of a government. Stop pretending it is anything else.
  • the big cloud industry conference was a few weeks ago

    there was no reduced interest in American companies based on PRISM. a few companies might decide to go to another country, but most won't care. PRISM is a huge civil liberties issue to individuals, but most companies are not afraid of having their corporate secrets leaked to other companies which is all they really care about.