It’s a pleasure and honor to be here with elected officials from both sides of the Atlantic and with many old friends. I conceive our principal task to be removal of unnecessary obstacles to Cloud Computing. While there are numerous legal and regulatory challenges to businesses that are inherently international, the most significant involves restrictions on trans-border data flow. And this inevitably and quickly brings us to the issue of privacy.
Our task is to reduce the transatlantic differences in the protection of privacy to the point that we are prepared to invest sufficient trust in one another’s resolve and ability to protect privacy to sharply reduce or eliminate restrictions on trans-border data flow. I am not suggesting that we aim for harmonization because it appears an unrealistic goal given differences in culture and legal regimes. I am suggesting that we aim for “good enough.” To succeed, we will have to set aside arid debates about who cares more about personal privacy and about whether expansive claims of protection are in fact backed by effective enforcement.
We also will need, with the deference good friends accord one another, to understand our respective societies’ arrangements permitting law enforcement and security officials access to electronic communications and records. I am confident that a dispassionate understanding of the realities would sufficiently allay anxieties to permit us to work together on commercial data privacy with great confidence.
We have so much in common with respect to the value of privacy and we have so much in common with respect to our need to effect improvements in our economies and our employment that it is inconceivable to me that we cannot reach “good enough.”
There is tangible evidence of our mutual concern for genuine privacy protection in the ongoing reviews of our respective privacy regimes. The Consultation on the 1995 Date Directive and the Department of Commerce Green Paper proceed from exactly the same premise—changes in technology, in business practice, and in consumer behavior have combined to cast very substantial doubt on the efficacy of the existing privacy protections. That both Europe and the United States are seeking an effective way to protect privacy in the Age of the Internet and of search and electronic commerce and social media is irrefutable proof of each of our genuine and deep commitments to privacy. If those commitments didn’t exist, we would be satisfied to continue with the enthroned pre-Internet approaches.
Just as technology has forced us to consider changes in approach to privacy, it also has provided an enormous inducement to do so in Cloud Computing. Cloud Computing offers an enormous opportunity to bring the advantages of state-of-the-art technology to SMEs and individuals. The efficiency gains and potential improvements in security would be more than enough to warrant the attention of policymakers. But the largest advantage lies in the access to the best infrastructure, software, and platforms that it affords to so many more players. We have, in other words, both the ability and the incentive to get to “good enough,” and we owe it to our societies to make our best effort to get there.
Now how are we cooperating to move our respective and our common digital agendas forward?
The answer is we are engaged in so many places and ways that last February our friend Director General Robert Madelin made a statement that I knew immediately had to be correct. He said that convergence was both necessary and inevitable. I am confident that Robert meant that in both a substantive and an institutional sense. That being so, I will limit my description of areas of cooperation sharply.
The Information Society Dialogue instantiates a longstanding relationship between DG Information Society and Media on the one hand and the FCC, NTIA, and State Department on the other. In February, we agreed that we would concentrate our mutual efforts on Cloud Computing. The led to an extended exchange of information and, at the beginning of this month, to an EU-US Cloud Computing Technical Seminar in Brussels. The conference heard from leading experts from government, academia, and the private sector who helped to expose the most significant cloud-related issues and potential approaches to them. The government representatives have agreed to supplement the seminar record with descriptions of the relevant initiatives being undertaken in Europe and the United States and to make this the subject of an Information Society Dialogue meeting in Washington on October 6.
At a much more senior level, the G8 met in Normandy at the end of May and included a lengthy discussion of the Internet as part of the conference’s communiqué. It set forth a set of agreed principles and approaches, including these:
Less than a month ago, the OECD held a High Level Meeting devoted to the Internet Economy. The resulting Communiqué on Principles for Internet Policy-Making included as basic principles to “promote and enable the cross-border delivery of services” and to “strengthen consistency and effectiveness in privacy protection at a global level.”
And there is ongoing an important civil society initiative, the Aspen Institute IDEA (Internet Digital Economic Accord) Project that is concentrating on market access, free flow of information, and cloud issues. The Project is receiving contributions from many of the best minds in the area in addressing these subjects. It has met on both sides of the Atlantic and intends to conclude its work with appropriate recommendations prior to the end of the year.
As we go forward with our Cloud Computing considerations, we have the benefit of numerous contributions from experts of every description—academic, civil society, corporate, and trade associations. Each is valuable in its own way and we are very happy to have all of them. And just as Robert Madelin predicted, they tend to converge in terms of descriptions and prescriptions.
Likewise, there is every reason to hope that in the face of common circumstances—in technology, business practice, and consumer behavior—European and North American policies affecting privacy and trans-border data flow will converge sufficiently to be “good enough” to permit efficient provision of cloud services to all of us.