26 Nov 2013

A ‘European cloud’ won’t keep your data safe from prying eyes

If you’re reading headlines about the European Union getting tough in response to revelations about US spying, don’t get too excited – the real picture is a bit more complicated.

Just to cover the basics: when you use Facebook, Twitter, Google or any of the plethora of “free” online services, there’s a fair chance the information you give over is held on computer servers in the US (so-called “cloud computing”).

There are European Union rules governing how EU citizens’ data should be handled. American companies are allowed to hold our data in the US because of the “safe harbour” agreement – basically, the EU reckons it can trust the US to apply the same standards as the EU would.

Clearly allegations of complicity between US internet companies and the US National Security Agency call into doubt whether the US is still really such a safe harbour for EU citizens’ data, and there are reports today suggesting the EU may start asking some awkward questions.


Put that together with our interview today with the Estonian President: he’s leading calls for a “European cloud”, i.e. a network of servers in the continent where we can be sure the EU rules on data protection are being applied.

You might start to see a future where, instead of sending your status updates off to a Facebook server somewhere in America, it  all ends up on a computer inside the EU. That certainly heralds the growth of a thriving data industry for the EU ecnomy, and that financial incentive seemed part of the appeal for President Ilves.

But will it make Europeans safer from US spying? Not necessarily. The problem is this: where the data is stored is only one part of the potential surveillance picture. In order to get from one place to another, the data has to travel over the labyrinthine global internet.

You might think that if you live in London and email your mate in Paris, there’s no chance the message will ever go via the US.

You’re wrong. The quirks of global internet traffic mean there’s always a chance your traffic will route via the US, and if Edward Snowden’s leaks are to be believed, it can be picked up by the NSA as it passes through.

A European cloud for our data is an appealing idea – but it almost certainly won’t keep prying eyes away from our data.

Follow Geoff White on Twitter @geoffwhite247