Views on Cloud Computing and EU Data Localization From Amazon Web Services Technology Evangelist Ian Massingham

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Amazon Web Services, a cloud-computing platform operated by Amazon.com, has joined a growing list of U.S. technology companies opting to expand their data centers in Europe to satisfy customer demands as well as European Union regulatory requirements on data transfers to third countries.

Bloomberg BNA Privacy & Data Security News Berlin Correspondent Jabeen Bhatti posed a series of questions to Ian Massingham, Technology Evangelist for Amazon Web Services in the U.K., Ireland and Scandinavia, on the company's expansion of cloud services. Following is an edited transcript of the interview.

Bloomberg BNA:

Would you describe Amazon Web Services (AWS)?

Ian Massingham:

Customers using AWS services can chose to place data in any one of these regions and we offer uniform set of services in each of these different locations globally. If a customer places data in a specific region, what that means in essence is that they control the sovereignty of that data, where that data is located, and AWS will not copy or move a customer's data out of a region.

Customers can do that themselves using the tools that we provide—we do not hold any control over where customers place their data. That obviously governs which legislative environment, which regulations apply to that particular data.

Bloomberg BNA:

Has such a system always existed, or was its development related in any way to the demise of the U.S.- EU Safe Harbor data transfer program?

Massingham:

It's always been like that, ever since we launched services back in 2006 with a region in Northern Virginia, US-East 1.

Shortly after that we opened in Europe with EU-1 in Dublin and we built up that footprint over time. But customers have always had control over their data, although we have supplemented that over time by adding additional services that offer customers further protection of their information. For example, in 2014 we launched a service called KMS—key management service—which enables customers to create and store cryptographic keys inside AWS and these are once again region specific. 

(Click image to enlarge.)

Amazon

Bloomberg BNA:

Is the new London data center being opened out of concerns for data transfers to the U.S.?

Massingham:

No, that's not the primary reason. The primary reason that customers will really select a region is really three-fold. Probably the first and most important and the most common…there are certain types of services that are latency sensitive. Video gaming is a really good example of this, where services that operate video games have to be located near the players of those games in order to assure good experiences for them. Financial services often want to have low latency between processing and data services, for example, data that you might be getting from financial exchanges.

Second is data sovereignty. It's not so much about data transfers to the U.S. but it might be the case that you are a bank operating in a specific country for example Australia. A financial regulator might say that they want financial data associated with customers in that country to be located in that country.

Certain AWS regions have slightly different pricing models. It costs a little bit more to run services in Frankfurt, for example, than it does to run equivalent services in Dublin. So customers might also select a region for cost optimization purposes.

The London region is being opened along those lines and also because we have certain public sector customers in the U.K. that see a lot of value in having their data located in the U.K.

When we talk about launching a region in London it's not just a data center. We're deploying a region here which means multiple physical data centers, which allow customers to operate services with very high levels of availability and reliability with AWS applications in this particular geography. It's important to clarify that. We're not going to be doing anything differently from what we already do in other regions around the world. 

Bloomberg BNA:

Does Amazon believe that the data centers will help get around difficulties with data transfers to the U.S.?

Massingham:

It's not really a factor for our customers because when they're placing their information in one of our European regions then they are already preventing their data from being transferred to the U.S.—so they weren't actually subject to Safe Harbor in that scenario.

If a customer is dealing with personally identifiable information that relates to, say, citizens here in the EU, they can already avoid any issues with Safe Harbor by placing their services in either Frankfurt or Dublin—there's already a workaround for customers in those cases.

Bloomberg BNA:

Then would most German customers belong to the Frankfurt region?

Massingham:

Our German customers are free to use that if they wish to have their data located inside Germany. We have a number of very significant German customers, including SAP SE for example, as well as many German start-ups and public sector organizations that are using that specific region. 

Bloomberg BNA:

Is Amazon concerned at all that the German data regulations would pose a problem?

Massingham:

No, not at all. We have a region in Germany and customers in that region use both that region and other AWS regions around the world to host their services. I don't think a lack of the region has been a barrier to that in the past.

Bloomberg BNA:

What has been your fastest growing international center for cloud services?

Massingham:

Since we launched the Frankfurt region in October 2014, it's been very successful and it's been our fastest growing international region to date.

I think that's a combination of a number of different factors. First of all, prior to launching in Frankfurt, there was only a center in Ireland for the entire European region. There were customers in mainland Europe who may have been prompted to make better use of AWS when we had a region in Germany—because it matches those characteristics of latency and data sovereignty that I described in Germany.

The second component is that there are customers in Germany and certain sectors of the German market that prefer to have their data stored within Germany. That's been a factor of encouraging adoption within that region in Germany. It's not the case either that it's used solely by German customers or that it's weighted to customers from outside of Germany. I'd say that there is balanced usage by both native German customers and customers from around the EU and the world who are making use of the services there.