Box: EU Cloud Regulations Have Hindered Our European Growth

data centre

INTERVIEW: Box COO says abolition of Safe Harbour and the EU’s failure to create a single digital market has made been an impediment to European expansion

The abolition of Safe Harbour and the European Union’s (EU) inability to create a single digital European market has proved a barrier to Box’s growth on the continent, according to the company’s chief operating officer Dan Levin, who wants Brussels to make significant changes.

Speaking to TechWeekEurope at BoxWorks 2016 in San Francisco, Levin said the EU court ruling had been a challenge for “every US cloud company” and called for regulations to be overhauled so that European companies were not at a disadvantage when it came to adopting cloud technologies.

Box has since received EU approval for Binding Corporate Rules (BCRs) – company specific regulations that are deemed to be the EU’s highest possible data protection standard. As the firm targets more international customers, and users in regulated industries, this is crucial.

The company claims to be one of fewer than five US firms to have received the accreditation, but prior to the approval, Levin was critical of the EU.

‘Extraordinary decision’

Dan Levin Box COO“It was extraordinary for the EU to take that course of action and we’re all fortunate that things were resolved so quickly,” he said.

“We’d all been relying on [Safe Harbour] as a contractual mechanism as It ensured our customers’ data would be stored in an appropriate way.

“Our view is there should be binding corporate rules, so there are enterprise SaaS legal frameworks. We’ve been [participating] in the process and want to be in the position of providing much more protection going forward. Of course we’re paying attention to what’s going on in the Safe Harbour replacement and I would just say we’re pleased with the direction its taking.”

Levin suggested that a German car manufacturer might not be able to adopt the same services as a rival in another country because of an insufficient regulatory environment. Germany is renowned for its strict privacy laws that make life difficult for cloud providers. In some cases, he said, Box has had to deal with national and even regional requirements.

EU digital single market

This is in stark contrast to the US, where Box is compliant with healthcare (HIPAA) and financial (FINRA) regulations. If a customer signs up to its platform, they are compliant.

Although adoption of Microsoft Office 365, the world’s most popular cloud application, is changing attitudes, a common set of rules would help the situation, he argued.

“I think the EU’s inability to craft a digital single market is hugely challenging for companies. This patchwork of regulation makes it difficult. It would certainly be our strong preference that the EU adopt a single set of regulatory frameworks that that would take into account SaaS as an enabler of European [companies] and give us one set of rules to play by.

“We’ve had some challenges in grappling with the patchwork regulatory environment. We haven’t been as nearly as successful in Germany as expected … It’s certainly been an impediment to our European growth.”

“We find the situation complicated, but we are blessed with a very capable legal team but our customers who are not experts are hugely challenged.”

Quiz: What do you know about the cloud in 2016?

Levin talks Brexit and profitability on page 2…