Cloud computing


Dell is attempting to move away from the PC and server market and into the enterprise cloud storage market by acquring EMC for $67 billion. in the biggest technology merger deal ever. EMC had 21% of the storage market last year, and when combined with Dell's prowess in servers the two companies will unite to become a force to be reckoned with in the cloud infrastructure market. They will be focusing on providing enterpise clients with private cloud computing and storage services.

California, home to many giant tech companies, has passed a new digital privacy law which is set to become ‘a model’ for other privacy laws. The California Electronic Communications Privacy Act (CalECPA, SB 178) bars any state law enforcement agency or other investigative entity from compelling a business to turn over any metadata or digital communications (including cloud services) without a warrant. A warrant is also needed to track the location of electronic devices like mobile phones, or to search them. CalECPA has been described as ‘a landmark victory for digital privacy’ (ACLU), ‘a significant milestone’ (EFF), and ‘the nation’s best digital privacy law’ (Wired), and was supported by leading tech companies and organisations.

In what is seen by many as a victory for user privacy, the Court of Justice of the European Union (CJEU) overturned the Safe Harbour agreement between the USA and the EU. The anticipated judgment in the Max Schrems case declared the Commission’s Safe Harbour Decision (2000) invalid: (a) even when a Commission decision exists, national supervisory authorities still have the power to examine with complete independence whether a transfer of personal data to a third country complies with the Data Protection Directive; (b) the Commission’s decision did not examine whether the US afforded an adequate level of protection equivalent to that guaranteed in the EU, but simply examined the safe harbour scheme. In the US, the scheme is applicable only to undertakings that adhere to it, whereas public authorities are not subject to it, and national security, public interest and law enforcement requirements prevail over scheme, whereas there are no such limitations exist under EU law. For these reasons, the CJEU declared the decision invalid. Critics are now saying that the decision will lead to the Balkanisation of the Internet, fearing a future with 'each country with its own Internet, gated off legally and governed by its own privacy laws'. More details: full judgment; court's press release; reactions by Max Schrems and others.


Cloud computing could be described as the shift from storing data on hard disks on our computers to servers in the clouds (i.e., huge server farms). Cloud computing offers ubiquitous access to all our data and services from any device anywhere around the world (where there is Internet connection). At the same time, the fact that our data are stored with a third party - often in pieces and copies scattered around several jurisdictions - raises concerns for privacy. Security of the cloud is likely to be on a much higher level than of our own computers, but the risk from penetrating into a system of any cloud provider increases, since each cloud contains vast information about many citizens and companies.


The first wave of cloud computing started with the use of online mail servers (Gmail, Yahoo!), social media applications (Facebook, Twitter) and online applications (Wikis, blogs, Google docs). Apart from everyday applications, cloud computing is extensively used for business software. More and more of our digital assets are moving from our hard disks to the cloud. The main players in cloud computing are Google, Microsoft, Apple, Amazon, and Facebook, who either already have or plan to develop big server farms.

From hard disks to cloud computing

In the early days of computers, there were powerful mainframe computers and ‘dumb’ workstations. The power was in the centre. After that, for a long time, with PCs and Windows applications, computer power moved to the periphery. Will cloud computing close the circle? Are we going to have a few big central computers/server farms and billions of dumb units in the form of notebooks, monitors, and mobile phones? The answer to this and other questions will need time. Currently, we can identify a few Internet governance issues which are very likely to emerge in parallel with the development of cloud computing.

  • With more services delivered online, modern society will increase its dependence on the Internet. When the Internet went down in the past, damage was limited to the inability to send e-mails or browse the web. In the era of cloud computing, we may not even be able to write texts or perform calculations. This higher dependence on the Internet will imply higher pressure on its robustness and reliability.
  • With more of our personal data stored on clouds, the question of privacy and data protection will become central. Will we have control over our text files, e-mails, and other data? Could cloud operators use this data without our permission? Who will have access to our data?
  • With a growing volume of information assets going digital, countries may become uncomfortable with having national information assets outside their national ‘borders’. They may try to create national or regional clouds or make sure that existing clouds are managed with some degree of international supervision. Nationalisation of clouds could be further accelerated by the fact that all main operators in this field are based in the United States. Some argue that the current ICANN-centred debate may be replaced by an Internet governance debate on the regulation of cloud computing.
  • With a diverse set of operators of cloud computing, the question of standards is becoming very important. The adoption of common standards will ensure a smooth transfer of data among different clouds (e.g. from Google to Apple). One possibility that is being discussed is the adoption of open standards by the main players in cloud computing.

There are a number of working groups on cloud computing, such as The Open Group Cloud Computing Work Group, which includes some of the industry’s leading cloud providers and end-user organisations; and the Cloud Computing Strategy Working Group by the European Telecommunications Standards Institute (ETSI).

The governance of cloud computing is likely to emerge through the interplay of various actors and bodies. For example, the EU is concerned with privacy and data protection. The Safe Harbour agreement, which was meant to solve the problem of different privacy regimes in the USA and the EU, has been declared invalid by the European Court of Justice in October 2015. With more digital data crossing the Atlantic Ocean, the EU and the USA will have to address the question of protection of privacy according to EU regulation by US companies, the main operators in cloud computing. This issue came into sharper focus after the Snowden revelations of mass surveillance.  

Standards will most likely be developed through agreements among the main companies. Google has already started a strong push towards open standards by establishing the Data Liberation Front, aimed at ensuring a smooth transition of data between different clouds. These are the first building blocks that will address the question of the governance of cloud computing. Others are likely to emerge as solutions for concrete policy problems.




The ITU Telecommunication Standardization Sector (ITU-T) develops international standards (called recommendations) covering information and communications technologies. Standards are developed on a consensus-based approach, by study groups composed of representatives of ITU members (both member states and companies). These groups focus on a wide range of topics: operational issues, economic and policy issues, broadband networks, Internet protocol based networks, future networks and cloud computing, multimedia, security, the Internet of Things and smart cities, and performance and quality of service. The World Telecommunication Standardization Assembly (WTSA), held every four years, defines the next period of study for the ITU-T.


The Council dedicates its activities to addressing cloud computing interoperability issues such as cloud manag


The Council dedicates its activities to addressing cloud computing interoperability issues such as cloud management, reference architecture, hybrid clouds, and security and compliance issues. Deliverables of its work range from cloud reference architectures (e.g. Cloud Customer Architecture for Big Data and Analytics and Cloud Customer Architecture for e-Commerce), practical guides (e.g. Practical Guide to Hybrid Cloud Computing and Practical Guide to Platform-as-a-Service), cloud service agreements, and other resources on cloud security, and industry and related cloud technologies. The Council also organises various webinars and in situ events focused on issues such as cloud data residency, cloud architectures for the Internet of Things, and blockchain technologies.


The Alliance focuses its activities on issues related to cloud computing security.


The Alliance focuses its activities on issues related to cloud computing security. These include research, education and awareness raising, certification, events, and products. In 2010, it launched the first cloud security user certification, and it also operates the Security, Trust & Assurance Registry cloud security provider certification programme. Over 30 working groups focus on issues such as big data, blockchain and distributed ledger, cloud data governance, cloud trust, security as a service, top threats, incident management and forensic, etc. The Alliance has also several initiatives and projects, such as the Cloud Accountability Project and the Best Practices for Cyber Incident Exchange initiative.


The Consortium works on creating an open and interoperable framework for


The Consortium works on creating an open and interoperable framework for fog computing – an architecture that distributes resources and services along the continuum from cloud to devices. Several committees and working groups focus on technical work (building operational models and testbeds for fog computing), contributing to the development of standards within relevant standardisation organisations, promoting innovation, and contributing to educating both the industry and the market on the advantaged of fog computing. In February 2016, the Consortium published the OpenFog Reference Architecture, containing details on the eight pillars in an OpenFog architecture: security, scalability, openness, autonomy, programmability, RAS (reliability, availability, and serviceability), agility, and hierarchy.


More and more standards and guidelines developed by ISO cover issues related to data and information security,


More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employees’ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond, diffuse and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.


The World Wide Web (WWW) was developed


The World Wide Web (WWW) was developed at CERN, in 1989, by Tim Berners-Lee. The aim was to allow for automatic information-sharing between universities and research institutes around the world. The first website was also created at CERN, dedicated to the WWW project itself. In 1992, the first readily accessible browser for the WWW was launched. In 1993, the WWW software was put in the public domain and made freely available, thus allowing the web to further develop. The HyperText Markup Language (HTML) and the HyperText Transfer Protocol (HTTP) were developed at CERN as well, based on a proposal from Berners-Lee.



ITU-T Recommendation X.1601 Security Framework for Cloud Computing (2015)
Recommendation ITU-T Y.3600 'Big data – cloud computing based requirements and capabilities' (2015)

Other Instruments



Roundup of Cloud Computing Forecasts and Market Estimates, 2016 (2016)
2016 Data Threat Report (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


Cloudy with a Conflict of Laws - How Cloud Computing Has Disrupted the Mutual Legal Assistance Treaty System and Why It Matters (2016)
Governments and Cloud Computing: Roles, Approaches, and Policy Considerations (2014)
Cloud Innovation and the Law: Issues, Approaches, and Interplay (2014)
Cloud computing from EU Competition Law Perspective (2013)


Hosting and Cloud Study 2016: The Digital Revolution, Powered by Cloud (2016)
Blue Skies Ahead? The State of Cloud Adoption (2016)
IT Trends Report 2016: The Hybrid IT Evolution (2016)
Cloud Computing and Accessibility Considerations (draft) (2016)
2016 Global Encryption Trends Study (2016)
Cloud Readiness Index 2016

GIP event reports

Looking Ahead: What to Expect in the Cyber Realm (2017)

Other resources

Cloud Computing Guidelines for SMEs and Microenterprises (2016)
Practical Guide to Hybrid Cloud Computing (2016)
Cloud Computing Survey 2015 (2015)
Privacy Level Agreement [v2]: A Compliance Tool for Providing Cloud Services in the European Union (2015)
Practical Guide to Cloud Service Agreements (2015)
Security for Cloud Computing - Ten Steps to Ensure Success (2015)
Practical Guide to Cloud Computing (2014)
The Cloud Infographic


Session reports

Click on the ( + ) sign to expand each day.

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top