Cloud technology is young so maybe it’s not all bad that this happens now?! From an engineers perspective it’s actually a welcome challenge because a fatal flaw has been exposed at an early stage. So, we should really be glad about the lessons learned and that this happens now rather than 10 years down the road.
Time to roll up our sleeves and think about how “high-trust clouds” can be designed so that bits+bytes only get stored in jurisdictions with strong privacy laws and locations with short data retention periods (3-6 months).
Do you utilize cloud services but are not really sure where the data centres are being geographically hosted? Maybe your PaaS or SaaS is invoicing you from Germany or Luxembourg but the actual data centres are in Hangzhou, India or California? It might be a good time to double check especially if you want to maintain a trustworthy image!
In addition to the countries in the heatmap how about Switzerland, Luxembourg, Monaco, Caymen, Isle of Men, …? Since most tax-havens are also under pressure to come up with alternatives for generating revenues, here is an idea: Create strong privacy laws as foundation for these “high-trust clouds”. Keeping data confidential should be second nature to tax-havens anyway! You might even attract big clients from the USA!
Strong privacy could be a new alternative income stream for countries that already promised to implement tax-transparency rules in order to get off the OECD grey list (Cyprus, Austria, Monaco, Luxembourg).
Other thoughts could be floating data centers – a patent filed by Google in 2008. Placed in international waters their only problem is that there are no rules. This could be a good or a bad thing depending on “how evil” the company behind it really is. Transparent design of such off-shore data-centers could be a first step in favor of strong privacy. But much more needs to be done!