Category Archives: Europe

What happens to EU General Data Protection Regulation if the UK votes for a Brexit?

Businesses warned not to give up on data reforms just because UK could quit Europe

As the UK prepares to vote on whether to leave the European Union, businesses are being warned not to give up on data reforms inspired by the forthcoming EU General Data Protection Regulation (GDPR).

Businesses across the country have been studying implications of the new Regulation, due to be in force in May 2018, which aims to create a ‘one-stop shop’ for data protection across the European Union.

Some of the key aspects of the bill include huge fines for data breaches, new rules around the collection of personal data and new rights for European citizens to ask for data to be deleted or edited. Many businesses will also be required to appoint a Data Protection Officer.

However, the Brexit vote opens up the possibility that the UK could be out of the EU by the time it comes into force.

John Culkin, Director of Information Management at Crown Records Management, said: “It would be tempting for businesses to think that if the UK leaves the EU this regulation would not apply. In fact, that isn’t the case. Although an independent Britain would not be a signatory of the Regulation, in reality it would still be impossible to avoid its implications.

“The Regulation governs the personal data of all European citizens, providing them with greater control and more rights over information held about them. So any company holding identifiable information of an EU citizen, no matter where it is based, needs to be aware. With millions of EU citizens living in the UK, too, it’s hard to imagine that many businesses here would be unaffected.

“The same applies to data breaches involving the personal data of European citizens. So it will still be vital to have a watertight information management system in place which allows businesses to know what information they have, where it is, how it can be edited and who is responsible for it.”

Even if the UK votes to leave the EU, data in Great Britain & Northern Ireland will continue to be regulated by the current Data Protection Act, which was passed in 1998.

A spokesperson for the Information Commissioner’s Office (ICO), an independent body set up to uphold information rights, said: “Although derived from an EU Directive, the Data Protection Act was passed by the UK Parliament and will remain in place after any exit, until Parliament decides to introduce a new law or amend it.

“The UK has a history of providing legal protection to consumers around their personal data. Our data protection laws precede EU legislation by more than a decade, and go beyond the current requirements set out by the EU, for instance with the power given to the ICO to issue fines.

“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and is also central to the sharing of data that international trade relies on. The UK will continue to need clear and effective data protection laws, whether or not the country remains part of the EU.”

Culkin believes there is a real danger that UK businesses will defer crucial reforms of their information management systems – just in case the Brexit vote in June changes the agenda. But he warns it is a big risk.

He said: “Businesses should be thinking about the benefits of good information governance rather than hesitating because of what could happen in the future.

“There is no point putting in place systems that ignore privacy by design, for instance, when that is good procedure – no matter what happens in Europe in June. The same is true of measures to protect a business from data breaches, which have reputational as well as financial implications – no matter who imposes the fine.

“As for personal data, citizens in the UK are only going to be more demanding about how their data is collected, stored and edited in future – the genie is out of the bottle and it’s not sensible to think that leaving the EU will change it. Preparing for a modern data world is not only about the GDPR.”

This is a view shared by the ICO, which will continue to ensure organisations meet their information rights obligations no matter how the UK votes.

A spokesperson said: “Ultimately, this is a decision for organisations based on their own particular circumstances. Revisiting and reassessing your data protection practices will serve you well whatever the outcome of the referendum. Investing in GDPR compliance will ensure an organisation has a high standard of data protection compliance that will enable the building of consumer trust.”

EC clears acquisition of EMC by Dell – won’t distort competition

The European Commission has approved the acquisition of storage and software giant EMC by PC and server maker Dell.

In a statement Commissioner Margrethe Vestager declared that the deal meets the criteria of the EU’s Merger Regulation. The strategic importance of the data storage sector meant that the EC was able to approve Dell’s multi-billion dollar takeover of EMC within a short space of time, according to Vestager, who thanked the Federal Trade Commission for close cooperation.

The Commission assessed the effects of the transaction on the market for external enterprise storage systems. The Commission also investigated the risk that the merged entity could attempt to restrict access to VMware’s software for competing hardware vendors. The Commission is convinced there will be no adverse effects on customers, according to Vestager.

The Commission found that the merged entity has a moderate market share in the market for external enterprise storage systems and the increment brought about by the merger is small. The new Dell/EMC entity will continue to face strong competition from established players, such as Hitachi, HP, IBM and NetApp, as well as from new entrants, it said.

Despite VMware’s ‘strong market position’ in server virtualization software, the available evidence led the EC investigators to conclude that the merged entity would have neither the ability nor the incentive to shut out competitors. The likes of Citrix, Microsoft and Red Hat can give it plenty of competition in the server virtualisation market, the EC has judged, and it predicted that the EMC/Dell hybrid won’t have things its own way in new technology markets.

Since customers typically multi-source from more than one server virtualization software provider and VMware’s approach has traditionally been hardware and software-neutral, it offers work opportunities to a large number of vendors. Equally, in the server market, Dell has strong competitors that will continue to operate either in partnership with VMware or with third party virtualisation software providers.

The combination of Dell’s and EMC’s external enterprise storage systems products won’t have an impact on competition given the number of alternatives to VMware’s software.

The Commission also asked whether the merged entity could shut competitors out from the virtualization software used for converged and hyper-converged infrastructure systems. Here it also found there were no concerns raised. The merger, when first reported in BCN in October 2015, was valued at $60 billion.

BT wins £24 million worth of EU cloud service contracts

Telco BT has won two new cloud service contracts with the European Commission worth £24 million, which brings its total of EC contract wins to four in 12 months.

The brief, to provide public and private cloud services across 52 major European institutions, agencies and bodies, is one of the largest government contracts in Europe. Among the clients receiving the cloud computing services are the European Parliament, the European Council and the European Defence Agency.

The two framework contracts, announced this week, were awarded in December 2015, and will run for a maximum of four years once legal details have been finalised. Once work begins BT will implement the contracted private cloud services, after which it will become one of five providers competing to run public cloud projects.

The two new deals are the third and fourth European Commission framework contract wins awarded to BT in 2015, all of which involved open calls for tender from all EC approved suppliers.

In August 2015 BT signed a seven year £11.5 million (€15.2m) framework contract with the European Commission to provide voice services across 21 major European institutions, agencies and bodies. This followed March’s award of a five year £42 million (€55.7m) framework contract for the delivery of dedicated internet access to all major European institutions, agencies and bodies across the 28 member states. BT has provided services to the European Union for more than a decade.

The newly contracted services will be hosted from a geographically diverse spread of data centres within the European Union and all customer data will remain within the Union. As part of the tender process BT had to prove it could meet strict EU requirements for data sovereignty, compliance, security and privacy.

BT will integrate and manage the data centre estate using its Compute Management System (CMS), a single, federated portal for IT services which, BT claims, is its ‘secret sauce’ for winning contracts.

“This is a milestone in our journey to be the leading global cloud services integrator,” said Corrado Sciolla, BT Global Services’ president.

Cloud28+ promises to clear up the cloudy issues of compliance

Hewlett Packard Enterprise (HPE) claims its new Cloud28+ cloud service catalogue will simplify the search for compliant cloud services for European enterprises.

Cloud28+ is a community of commercial and public sector organisations aimed at expanding cloud service adoption across Europe. The Cloud28+ catalogue, on the other hand, is a centralized enterprise app store which now lists 680 cloud services from 150 members across the range of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) offerings. To date, 1000 end user organisations have pre-registered to use the catalogue.

The matchmaking Cloud28+ online service catalogue, now on general availability, promises a broad range of benefits for European customers. It allows customers to specify data centre locations and providers, in accordance with local laws and business requirements. It will help users to find cloud-native independent software vendors with whom they can partner, and it will help companies market themselves more expansively by letting them publish their own services in the catalogue. This could allow end user organisations to turn their IT teams into ‘revenue-generating engines’, claims HPE.

The main benefit of the Cloud28+ service catalogue, HPE claims, is that it gives open access to huge numbers of enterprise cloud services. This will help cloud buyers to compare the cloud market, on functional and non-functional criteria, including price, service level agreements and certification levels.

One of the main selling points of the system is that it makes it easier to comply with increasingly strict data protection laws in the EU, according to James Kinsella, founder of Zettabox, a cloud storage and team sharing system and the latest addition to the Cloud28+ catalogue. “It’s a logical community for Zettabox to join, as its mission is to build a cohesive and collaborative cloud environment, for Europeans by Europeans,” said Kinsella.

The Cloud28+ technology framework is based on HPE Helion OpenStack. This will give it the portability of cloud services and eliminate vendor lock-in, said Xavier Poisson, Hybrid IT VP at HPE. “This is an important milestone on the journey to a European Digital Single Market,” said Poisson.

The overturning of the Safe Harbour agreement in European courts had tremendous implications for cloud service providers, according to one analyst. “It certainly makes services that comply with European data privacy requirements more attractive,” said William Fellows, analyst at 451 Research.

Equinix cleared to buy Telecity but must sell London, Amsterdam and Frankfurt facilities

The European Commission has approved the proposed acquisition of data centre operator Telecity by rival Equinix. However, to assuage anti-competition concerns, Equinix had to agree to sell off a number of data centres in Amsterdam, London and Frankfurt.

BCN reported in May that Equinix and TelecityGroup agreed to the $2.35bn takeover in which US-based Equinix would buy all issued Telecity shares. The acquisition gives Equinix a stronger presence in the UK and would extend its footprint into new locations with identified cloud and interconnection needs including Dublin, Helsinki, Istanbul, Milan, Stockholm and Warsaw. Equinix provides colocation services in 33 metropolitan areas worldwide. Telecity operates data centres in 12 metropolitan areas in the European Economic Area (EEA) and Turkey.

However, the activities of Equinix and Telecity overlap in the four EEA metro areas of Amsterdam, Frankfurt, London and Paris.

In a statement, Margrethe Vestager, the EC Commissioner in charge of competition policy, said the growing economic importance of cloud services makes it crucial to maintain competition between data centres. However, the deal does not necessarily stifle competition, Vestager said. “The Commission is satisfied that the commitments offered by Equinix will ensure that companies continue to have a choice for hosting their data at competitive prices,” said Vestager.

The Commission has concerns that the concentration of data centres controlled by one vendor could lead to higher prices of colocation services in the Amsterdam, London and Frankfurt metropolitan areas. The remaining competitors in these areas are unlikely to be able to match the competitive pressure currently exercised by Telecity, it had concluded, and new players would have faced significant difficulties to enter the market due to the high investment and deployment times needed.

To address the Commission’s concerns, Equinix submitted commitments, offering to divest a number of data centres in Amsterdam, London and Frankfurt.

EC calls for Safer Harbour agreement – issues new guidance

The European Commission has issued new guidance to companies on transatlantic data transfers and has called for a rapid creation of a new framework.

In October BCN reported how a ruling on the case of Schrems vs Data Protection Commissioner rendered the US-EU Safe Harbour Agreement invalid as it was revealed that EU citizens’ data was being accessed by the US National Security Agency (NSA).

The Commission said it has stepped up talks with US authorities on a new framework and issued guidance to help companies comply with the ruling and work with alternative transfer tools.

“We need an agreement with our US partners in the next three months,” said EC VP Andrus Ansip, who is responsible for the Digital Single Market. “The Commission has been asked to take swift action: this is what we are doing. Today we provide clear guidelines and we commit to a clear timeframe to conclude current negotiations.”

“Citizens need robust safeguards of their fundamental rights and businesses need clarity in the transition period,” said Commissioner Vera Jourová, adding that 4,000 companies currently rely on the transatlantic data pact.

The EC guidelines advised on how data transfers can continue to be pursued by businesses in the interim period. They cover issues such as contractual solutions and contractual rules, Binding Corporate Rules for intra-group transfers, derogations and the conclusion or performance of a contract. The guideline document, which is 7,981 words long, runs to 16 pages of challenging reading and is open to interpretation.

“As confirmed by the Article 29 Working Party, alternative tools authorising data flows can still be used by companies for lawful data transfers to third countries like the United States,” concludes the guidance document. “However, the Commission considers that a renewed and sound framework for transfers of personal data to the United States remains a key priority.”

Enforcement against non-compliance with the Safe Harbour court ruling comes into place at the end of January 2016.

OVH promises undeniable public cloud service in the UK

European hosting giant OVH has launched a public cloud service in the UK with customisable security as protection against cyber attacks becomes a major selling point alongside open systems mobility.

The service is aimed at developers, system administrators and DevOps, and promises triple data replication, hosting in European data centres and a ‘five nines’ service level agreement (SLA). The OVH Public Cloud is based on OpenStack which, says OVH, will make integrating applications, migrating to the cloud and moving between cloud providers easier for system builders who want to keep their options open. For this reason, it will also offer monthly and hourly payment mechanisms so clients aren’t forced to over-commit resources. Those that can make monthly payments will get a 50% discount, however.

The two main offerings will be Public Cloud Instances and Public Cloud Storage.

Public Cloud Instances provides a choice between two types of virtual machines. RAM instances (starting at £25 a month) are designed for memory-hungry apps such as software as a service (SaaS), multimedia creation and managing large databases. Cloud CPU instances, at £21/month, are designed for managing processing-heavy tasks such as data analytics, computer simulations and managing peak server loads.

The Public Cloud Storage service offers high-availability object storage, to save software developers from the complications involved in setting up network file system or file transfer protocols. Classic and high-speed storage options are also available.

All the Public Cloud packages have automatic, unlimited distributed denial of service (DDoS) protection against all types and lengths of attacks, with detection and auto-mitigation and a back up service of triple data replication. All services will have access to OVH’s global fibre optic network OVH Net.

“We want UK businesses to adopt the cloud with confidence,” said Hiren Parekh, director of sales and marketing at OVH UK. “Our aim is to give users the freedom and flexibility they need as their businesses evolve.”

Salesforce offers $100m VC opportunity to European cloud startups

Salesforce Ventures has allocated $100 million to invest in European startups as the investment arm of the cloud giant aims to capitalise on a potential $33.3 billion market. Any European cloud start up that impresses the venture capitalists could typically expect backing of between $1 million and $5 million, according to the fund’s development head.

As the investment arm of cloud-based CRM giant Salesforce it has already invested £500 million in 150 cloud and enterprise startups since 2009. However the majority of these have been US based and only 17 European cloud start up firms have been funded. However, researcher IDC predicts that the European cloud sector will grow 12 as fast as any other sector of the IT industry. As Europe catches up with the US, by 2019 its cloud market could be worth a collective $33.3 billion, it said.

As the global shift to the cloud generates demand for exciting new social, mobile and data science technologies it is creating an opportunity that should not be missed, said Salesforce EVP of corporate development John Somorjai. The European investment business will link back to Salesforce Ventures’ operations in the US run by Somorjai. London based Alex Kayyal will head the Salesforce Ventures’ efforts in Europe.

“There is so much incredible innovation happening in Europe today and we want to empower the next generation of enterprise cloud startups in the region,” said Somorjai, “Our $100 million commitment strengthens our mission to help startups grow and give back to their communities.”

However, he admitted that the competition has already started with five investments already earmarked to take a chunk of the budget.

European cloud start ups that have previously won funding from Salesforce Ventures include CartoDB, CloudSense, Cloud9 IDE, NewVoiceMedia, Qubit, Universal Avenue and YOUR SL. It’s not just about the money, according to Ruben Daniels, co-founder of Cloud9 IDE. “It’s the network and introductions, mentorship and framework that help,” said Daniels.

Salesforce Ventures’ global expertise was as important as its funding, according to CartoDB founder Javier de la Torre. “It helps us more effectively bring our data visualization tools to individual and business users around the world,” said de la Torre.

Cloud industry shaken by European Safe Harbour ruling

The Court of Justice of the European Union has ruled the Safe Harbour agreement between Europe and the US, which provides blanket permission for data transfer between the two, is invalid.

Companies looking to move data from Europe to the US will now need to negotiate specific rules of engagement with each country, which is likely to have a significant impact on all businesses, but especially those heavily reliant on the cloud.

The ruling came about after Austrian privacy campaigner Max Schrems asked to find out what data Facebook was passing on to US intelligence agencies in the wake of the Snowden revelations. When his request was declined on the grounds that the safe harbour agreement guaranteed his protection he contested the decision and it was referred to the Court of Justice.

This decision had been anticipated, and on top of any legal contingencies already made, large players such as Facebook, Google and Amazon are offered some protection by the fact that they have datacentres within Europe. However, the legal and logistical strain will be felt by all, especially smaller companies that rely on US-based cloud players.

“The ability to transfer data easily and securely between Europe and the US is critical for businesses in our modern data-driven digital economy,” said Matthew Fell, CBI Director for Competitive Markets. “Businesses will want to see clarity on the immediate implications of the ECJ’s decision, together with fast action from the Commission to agree a new framework. Getting this right will be important to the future of Europe’s digital agenda, as well as doing business with our largest trading partner.”

“The ruling invalidating Safe Harbour is seismic,” said Andy Hardy, EMEA MD at Code42, which recently secured $85 million in Series B funding. “This decision will affect big businesses as well as small ones. But it need not be the end of business as we know it, in terms of data handling. What businesses need to do now is safeguard data. They need to find solutions that keep their, and their customers’, data private – even when backed up into public cloud.”

“Symantec respects the decision of the EU Court of Justice,” said Ilias Chantzos, Senior Director of Government Affairs EMEA at Symantec. “However, we encourage further discussion in order to create a strengthened agreement with the safeguards expected by the EU Court of Justice. We believe that the recent ruling will create considerable disruption and uncertainty for those companies that have relied solely on Safe Harbour as a means of transferring data to the United States.”

“The issues are highly complex, and there are real tensions between the need for international trade, and ensuring European citizen data is treated safely and in accordance with data protection law,” said Nicky Stewart, commercial director of Skyscape Cloud Services. “We would urge potential cloud consumers not to use this ruling as a reason not to adopt cloud. There are very many European cloud providers which operate solely within the bounds of the European Union, or even within a single jurisdiction within Europe, therefore the complex challenges of the Safe Harbor agreement simply don’t apply.”

These were just some of the views offered to BCN as soon as the ruling was announced and the public hand-wringing is likely to continue for some time. From a business cloud perspective one man’s problem is another’s opportunity and companies will be queuing up to offer localised cloud services, encryption solutions, etc. In announcing a couple of new European datacentres today Netsuite was already making reference to the ruling. This seems like a positive step for privacy but only time will tell what it means for the cloud industry.

HP launches cloud service catalogue for European Union

HP has launched a new ‘one stop’ cloud shop for Europe. The announcement was made by HP Helion VP Xavier Poisson to a gathering of HP’s Cloud28+ partner community in Brussels.

A new catalogue – also called Cloud28+ – will be a centralised cloud services portal for all the systems created by the 110 official members of the community that create or use cloud services in Europe.

HP claims it has made it easier for enterprises to identify and implement the cloud services they need, while complying with local regulations. In addition, the EuroCloud Star Audit (ECSA) program will, it claims, save members from the expense of performing their own individual audits. The rationale is to create a high level of transparency and guidance for customers and service providers, Poisson told delegates.

Lack of knowledge, security concerns and legal uncertainty are the biggest barriers to cloud adoption in Europe, according to a Eurostat survey, quoted by HP. The study, conducted by the EU’s statistical office, asked staff at 151,000 EU companies about their aspirations for using cloud services and their reservations over purchasing processes.

In response, HP has designed an easy and transparent system for matching cloud services to both functional and non-functional criteria, such as security or data privacy regulations, according to Poisson. The system is also designed to provide a need-to-know briefing on legal and compliance variations across Europe. The Cloud28+ catalogue is to be hosted and secured in Europe.

It’s time for a common framework of quality, costs and security, said Poisson. “This is already creating new opportunities for cloud service providers, greater choice for enterprises, and better access for developers and will play an integral role accelerating organizations’ transformation to hybrid infrastructure.”