Turn privacy regs into cloud VAS revenues
April 10, 2013
From a strictly regulatory point of view, it’s not easy to be in the cloud services game. The good news: service providers can actually take advantage of data privacy regulations (even archaic ones) to get a leg up on their competition.
So said Jeffrey J. Blatt, Of Counsel at Tilleke & Gibbins International and a board member of Sri Lanka Telecom, who spoke at Broadband & TV Connect Asia in Hong Kong this week about the regulatory challenges faced by cloud service providers.
In essence, Blatt said, while “the cloud” may seem nebulous from the user’s point of view, from a regulatory POV it all comes down to where the actual data is physically located. That’s the jurisdiction where local laws will apply, including data privacy, taxation, and lawful intercept of customer data.
The last one is particularly thorny in countries where the government can compel service providers to disclose customer data as part of a legal investigation or a civil lawsuit, as well as prevent them from even telling their customers about the disclosure.
But they’re all potentially problematic, not least because many jurisdictions are way behind the technology curve when it comes to data privacy, Blatt said. Complicating things is that jurisdictional lines sometimes get blurred when governments try to assert extraterritorial authority (as the US and the EU are known to do, for example).
However, Blatt said that cloud service providers who understand local laws well enough can use that to differentiate themselves from other cloud service providers.
“For example, does the local government require you by law to hold the keys to your client’s encrypted data so they can get it from you? If not, then don’t hold them,” Blatt said. “You can’t hand over what you don’t have.”
Meanwhile, larger companies that host cloud services in multiple countries can do their homework when choosing locations where they install or lease the physical servers. “Focus on the countries with favorable privacy laws,” Blatt suggested.
Better yet, he added, give your customers the ability to choose for themselves. “For example, Amazon gives customers the option of hosting their content either inside or outside the US.”
Blatt recommended that cloud service providers use their local regulatory knowledge to create differentiated VAS that address real-life concerns for cloud-based services.
“For example, let customers encrypt their own data with their own keys and store it for them in your cloud,” he said. “Also, you can provide retail customers with access to search engines like Duck Duck Go and ixQuick that prevent tracking and sale of their data and identity.”
Another VAS possibility, he said, is to “provide customers with access to SaaS and SaaP (software as a product) solutions that leverage laws and regulations in your country to provide higher levels of privacy, security and business continuity.”
Thumbail image from server side store:
Companies should reevaluate their closed corporate environments
Apple is finally chasing the connected-car market – and just in time
App developers and specialist vendors given a stage
Low-cost devices and an encrypted smartphone OS steal the show
FCC revives regulation plan, but why are neutrality rules needed at all?
Philippine telcos draw ire for fair use caps on "unlimited" data plans
A rundown of the new smartphone OS challengers vying to be the third platform
Globe Telecom COO, Peter Bithos, knows exactly what his company, and others, need to do to provide the best customer experience.
Mike Ropicky at Tektronix Communications believes that if the network performs well, delivering connectivity and speed, it makes customers happy, and happy customers don't churn