25 Apr Regulatory barriers for cloud vendors – Present and future
Say the word data transfer and banking and telecom regulators immediately go into a familiar defensive posture. And with good reason too. In the digital economy data is gold, and privacy and protection of customer data is a natural extension of regulator scope. Large customers even when not mandated by law have expressed preference to keep data in territory. This is not a case with emerging or frontier markets only; mature markets like Germany are great case studies here. While its data protection laws laws never expressly forbade moving customer data outside, many of its biggest companies insisted that it be so. And now a new data law coming into effect in July 2017 “requires providers of publicly available telecommunication services not only to store traffic data for a certain time period (data retention), but also to store the respective data locally within Germany (data residency)”
Even if you need to just access it via cloud, regulators increasingly mandate that the data center which hosts the cloud must be located in the country whose data it is. This is often enforced through policy that is officially government backed. This actually affects both cloud computing and digital trade goals. Lack of ability to transfer data across boundaries seamlessly is the exact opposite of what digital trade advocates desire. Most large software companies are transferring their business models to the cloud. That means Software as a Service is how they will make money or die. Data transfer hurdles across boundaries literally affect their ability to make money. So for example in a country a leading vendor cannot sell its sales management solution to a bank, because the regulator has said no customer data can leave country. This hurts the vendor’s business. Now multiply that across growth territories like Eastern Europe, China and post BRIC nations and you have a serious revenue problem. If every company had to build expensive data centers to do business in each country there would be no ROI. In fact it’s just not possible. On the flip side leading commercial and public institutions lose out on the tremendous benefits and agility of industry leading cloud solutions that can help their top and bottom line.
We feel the only way you can get around this is by having international treaties. For example this is how most of the world aligned on intellectual property and copyrights protection. But international treaties, that guide data transfer and getting countries to sign up to it, take strong multilateral effort. In this era of an insular world leader and a “Brexit” hit Europe and a China that practices a unique alchemy of foreign policy and economic mandate, this will be hard. As of now there is no major movement on this except the Trans-Pacific Partnership (TPP) that carries clauses enabling digital trade, and provisions around data transfer. But the TPP is looking to be on shaky ground in terms of its ability to pass soon. The major enabler of any future legislation will be trust. You can only enable trust through technology. For data that means enforcing encryption standards, which is what we hope major industry associations push for. The technology that digitizes trust the most is Blockchain. Industry organizations should work with startups that can add that extra layer of trust to protecting free transfer of data.
For customers unsure of which way regulators will react and adapt in the future, vendors who offer tightly integrated, highly optimized engineered systems that offer an on premise cloud capability may offer the best solution. Of course they will need to look at that in a holistic manner and ensure that such a solution fits into their technology roadmap.
Another thing to watch out that will become a problem in the future, is countries that will limit SAAS providers’ ability to sell solutions in their territories, because the automation these solutions create can result in job losses. Yes there’s a wider discussion around this being a normal part of the mega economic cycle; that the countries that adapt fastest will actually create higher paying jobs to replace them. But governments know they need to speak to citizens in the language of “now” so this is not an easy ask. We feel this will increasingly become an issue for SAAS providers with AI as a competitive differentiator. From a legal point of view integrating AI into legal frameworks will be quite the challenge.