Box to Offer Compliant Enterprise Cloud Storage in Europe and Asia
Cloud storage provider Box recently announced plans to expand its presence in Europe and Asia through strategic partnerships with Amazon Web Services (AWS) and IBM Cloud. These cloud service providers will support an add-on service, called Box Zones, that will let enterprises decide where to store documents, images and other content they upload to Box. The partnerships will allow Box to leverage the regional experience of AWS and IBM as it navigates Europe’s complex data protection regulations.
Box will provide cloud storage for its enterprise clients both in its own data centers and in those of AWS and IBM Cloud. Data Center Knowledge reports that Box Zones will initially provide storage in Germany, Ireland, Singapore and Japan through Amazon S3, with additional storage options in Europe and Asia available through IBM Cloud later in the year.
The Data Protection Shake-Up in Europe
Tapping into the enterprise market means navigating a heterogeneous mix of data privacy regulations around the world, and few regions are as thorny in terms of data protection as the European Union (EU).
In October 2015, a decision by the EU Court of Justice ended the decade-long Safe Harbor agreement that previously allowed American companies to transfer data on European citizens to the United States. The Guardian reports that under Safe Harbor, American companies were able to self-certify that they offered adequate cloud storage protections for EU data.
However, in the wake of revelations about the U.S. National Security Agency’s PRISM data surveillance program, European regulators decided to take action to restrict the level of access U.S. law enforcement has to the data of EU citizens. Some companies have tried to compromise by creating what they call “model contracts,” such as binding corporate rules and data export contracts, that explain how their companies will treat the data of EU citizens and to which EU citizens can consent.
However, if current trends continue, the EU may no longer allow consent to be the basis by which companies work around EU data protection standards. Organizations may have to ask for consent every time they transfer data outside the EU, which means it will be the end of large-scale data transfers into cloud storage operations outside the EU.
“Europe’s approach to privacy is much stronger than in the United States,” London-based technology lawyer Peter Church told The New York Times. “There’s a fundamental difference in culture when it comes to privacy.”
A Ready-Made Cloud Storage Solution
The idea behind Box Zones is to provide a market-ready option for enterprises that need to comply with EU data protection regulations. Box founder and Chief Executive Officer Aaron Levie explained in a blog post that Box Zones is part of an ongoing effort to decouple the Box application from where it stores data.
By leveraging third-party cloud partnerships, Box gains experienced business partners that can provide expertise in navigating European and Asian data protection regulations and expectations. Through Box Zones, companies in Europe and Asia gain more control over where Box stores their files.
Box Zones could potentially protect companies against the consequences of Safe Harbor’s invalidation. These repercussions include expanded rights to litigate against companies, even outside the EU, if they misuse their private data.
Additionally, by working with experienced cloud service providers that are already familiar with and established in the region, Box Zones can help protect enterprises from tougher regulatory fines for noncompliant cloud storage. New regulations were approved by the EU in December 2015 and are set to go into effect in 2017. These new rules will allow fines of up to 4 percent of a company’s global revenue for violating EU data protection laws, according to The New York Times.