Following reports about U.S. government Internet surveillance, cloud computing "has become one of the regulatory flash points in Brussels as debate ensued over how to protect data from snooping American eyes," according to a New York Times report: "Europe Aims To Regulate the Cloud":
The European Union wants to regulate the cloud even if that makes its use more complicated. One proposed amendment would require "all transfers of data" from a cloud in the European Union to a cloud maintained in the United States or elsewhere to "be accompanied with a notification to the data subject of such transfer and its legal effects."
Another amendment takes it further, barring such transfers unless several conditions are met. Not only must consent be provided by the subject of the data, but the person must be "informed in clear, unambiguous and warning language through a separate and prominently visible reference" to "the possibility of the personal data being subject to intelligence gathering or surveillance by third-country authorities."
European regulations could leave companies wrong no matter what they do, if those companies do business on both continents. One amendment to regulations "requires the operator of data servers to inform both a local 'supervisory authority' as well as the subject of a request" if a non-European country hands out a court order requiring data disclosure. That's a direct contradiction of American law.