Cloud computing offers ‘revolutionary’ commercial implications for consumers, ICC report shows

  • 29 March 2012

Governments should use a flexible and light touch when they develop new regulations that may apply to cloud-based services in order not to limit the potential of emerging models or risk constraining innovation, ICC recommends.

Such well-intentioned policies and regulations could significantly undermine and limit the potential social and economic benefits of cloud, while an appropriate approach to risks and solutions in the cloud context allows the customer to make informed decisions, the ICC Commission on the Digital Economy recommended in its statement “Business views on regulatory aspects of cloud computing”.

“Consumers and SMEs have the potential to extend the powerful existing cloud computing and processing resources to new business offerings and social applications,” said Christiaan van der Valk, CEO of Stockholm-based IT solutions provider Trustweaver and co-chair of the Task Force on Security and Authentication that helped draft the statement.

“There are risks, but these risks – the location of information, security controls over information, and the consequences of exiting a commercial arrangement – have already been faced by businesses and consumers when dealing with a number of existing models, such as outsourcing,” he said.

The statement identified four broad regulatory categories of particular importance to providers and consumers of cloud services. These include data privacy, confidentiality and secrecy obligations, litigation and investigatory access, and specific sectoral rules on outsourcing.

“Enhancing consumer trust and confidence in cloud is key,” said Jacques Beglinger, Attorney-At-Law at the Berne-based Federation of Swiss based multinational enterprises, SwissHoldings, and Co-Chair of the Task Force on Security and Authentication.

“Since cloud computing for both buyers and sellers of services does not pose major new regulatory challenges, ICC upholds that governments should be encouraged to use the regulatory powers they already do possess, regarding privacy and security issues, in order to improve trust and understanding in the cloud services market,” Mr Beglinger said.

The ICC Commission on the Digital Economy represents approximately 250 companies, organizations and ICC national committees in more than 50 countries globally.

The Task Force on Security and Authentication, set up by the Commission, is composed of more than 55 experts in the field of IT and information, communications and technologies (ICT), data protection and privacy, security and authentication, and telecommunications.

View the full policy statement: Business views on regulatory aspects of cloud computing