Government Examines Cloud Privacy

The government has never been far from the Internet, which has its origins in the Advanced Research Projects Agency. The explosion of the Web in the 1990s and growth of electronic commerce brought another form of government involvement. Congress passed the Internet Tax Freedom Act of 1998, which placed a moratorium on Internet access taxes. That moratorium was most recently extended in 2007 and now runs through November 2014.  A dozen years after the original tax moratorium, government entities are again looking at the Internet. The focus this time has shifted to privacy. And, of particular interest to service providers, cloud computing falls within the scope of the latest inquiry.

In one thrust, the Department of Commerce recently launched a task force to review Internet privacy policy. The Internet Policy Task Force aims to examine the “nexus between privacy policy and innovation in the Internet economy,” according to Commerce. The department wants the public to comment on how U.S. and international privacy laws affect the development of the information economy. The deadline for comments is June 7. Information on submitting comments is available here: http://www.ntia.doc.gov/frnotices/2010/FR_PrivacyNOI_04232010.pdf.

Cloud computing surfaces a couple of times in the department’s Notice of Inquiry requesting public comment. The main point of interest: the potential for conflicting legal obligations.

Here’s an except from the notice:

“Today, cloud computing models allow organizations to collect, store, access and process data in separate locations around the world. This can create challenges for both companies and regulators in determining where data is located and who has jurisdiction over that data. In addition, different regulators may attempt to assert jurisdiction over data or a company’s business practices, which may create conflicting or competing legal obligations.”

The task force now seeks feedback on “any jurisdictional conflicts companies and regulators face as a result of data privacy laws, how they are reconciled and what, if any, effect they have on trade and foreign investment.”

Commerce’s move follows a recent series of “Exploring Privacy” roundtables hosted by the Federal Trade Commission. Those meetings explored the privacy implications of cloud computing among other topics. Rackspace and Google were among the company’s submitting comments.

The upshot of the government’s interest remains a bit fuzzy. While the late 1990s activity resulted in legislation, the current round has yet to reach that stage. The FTC said the goal of its roundtables “is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation.”

Commerce’s information gathering, meanwhile, will result in a report. That document, according to the Notice of Inquiry, may include recommendations for “regulatory, legislative, self-regulatory and voluntary steps that will enhance privacy and innovation.”

That said, “detailed legislative or regulatory proposals” aren’t immediately expected.

Will the situation result in formal rules and regs or mere suggestions? It’s hard to say at this point, but the government’s moves are worth watching.

Sign up for MSPmentor’s weekly Enewsletter, Webcasts and Resource Center. And follow us via RSS; Facebook; Identi.ca; and Twitter. Plus, check out more MSP voices at www.MSPtweet.com.