Brad Smith, Senior Vice President and General Counsel for Microsoft has a post today on the Microsoft on the Issues blog on “Fostering the Next Phase of Cloud Computing.” Microsoft also released a white paper, “Privacy and Data Access in a World of Online Computing: A Call to Action.” Speaking to an audience in Paris, Smith addresses a number of issues related to cloud computing, including privacy and security. Among Smith’s remarks:
However, there remain some challenges to cloud computing reaching its full potential that we as an industry, and together with governments, must address. In particular, cloud users need confidence that as their data moves from the desktop to the cloud, it will stay private and secure. Aligned with this is the need for greater transparency the collection and use of user data. I first spoke about these challenges in an address at the Brookings Institution just more than a year ago.
The most important first step the industry can take is to listen and engage. By this, I mean we collectively need to do a better job of understanding users’ concerns, and then provide innovative solutions that protect data. We also need to adopt and adhere to appropriate, common codes of conduct. At Microsoft, we consistently engage and seek feedback from both enterprise and consumer customers. For example, we have learned that consumers want greater transparency, choice and control regarding how their personal data is collected and used.
In response, we have worked hard to provide clear and easy-to-understand information on our privacy and security practices. Taking that a step further, the upcoming version of our browser, Internet Explorer 9, will provide an innovative new feature, “Tracking Protection,” which filters out content on a page that may have an impact on user privacy, and enables users to limit the sharing of their data on specified sites. This is just one example of how we are putting users in control.
While efforts like this can address some of the immediate concerns for users, they alone are not enough to fully enable the economic and social benefits of cloud computing. We believe to achieve that outcome, governments must also take steps to ensure that existing regulatory frameworks are suited to the cloud. This means taking a balanced approach with clearly-defined guidelines for cloud vendors to maintain high levels of data protection while not unduly restricting industry’s efforts to create innovative new ways of providing those protections. We believe there are three steps government should take to achieve this:
1. Develop more balanced and predictable rules governing cloud vendors to enhance legal certainty for cloud services.
2. Create laws that are more results-oriented by ensuring that regulatory rules measure compliance against desired outcomes, rather than freezing in time the means by which an outcome is achieved.
3. Facilitate easier movement of data across borders while maintaining legal protection for consumers.
Ultimately, this is going to require governments and industry to work together, just as they did in fostering past eras of IT-driven growth. Already in Europe, the U.S. and in many countries around the world, governments are starting to collaborate with a variety of industry groups and other stakeholders to map out necessary measures to address the challenges cloud computing presents. These are great first steps. We continue to encourage governments to revisit regulatory frameworks as needed, provide greater certainty within their borders and work together – through government to government collaboration – towards a global framework for cloud computing.
At Microsoft, we remain committed to doing our part, both through our privacy and security practices, and in our support of legal reform. We are actively engaged in helping to facilitate discussions between governments and industry. And we will remain passionately engaged to help extend the benefits of cloud computing to people and organizations around the world.