New EU regulations green-light operators’ Cloud-based services


The EU’s moves earlier this month to harmonise data protection across the region have understandably been welcomed by consumer groups.  The body’s new General Data Protection Regulation (GDPR) includes among its provisions the “right to be forgotten”, the right to know if your data is ever hacked, the right to transfer your data and, of course, also allows for some pretty hefty fines to be imposed on any company right across Europe found guilty of breaching the regulations and putting consumer privacy at risk.

The GDPR certainly raises the bar for consistency, accountability and standards to give consumers more control and security over their data and privacy and, more importantly, will also trigger a reform of the EU’s e-Privacy directive. 

It is a welcome move by the regulator and one which arguably sets a new world leadership standard for consumer data protection – with the data protection partner at international law firm Fieldfisher telling the Guardian newspaper in the UK that the “global standard for data protection will now be dictated by European rules.”

And while businesses are often wary of intervention by the regulator, this particular move was also welcomed by the mobile industry world trade body – the GSMA.  This is because trust in the ability of companies – and in this case mobile operators – to sensitively handle, protect, and not abuse, your data is paramount.  The GSMA went further saying the new harmonized rules were: “Fundamental to building trust and driving the uptake of new digital services by citizens across Europe.”

At AsiaInfo, it’s also an area we have studied quite closely.  Our new Cloud Core offer is built on a partnership with Amazon Web Services (AWS).  The concept of moving an operator’s BSS solution to the cloud – and in this case to a private section of a public cloud provider – immediately raises questions about privacy and security - especially when data moves across borders.  While the highly successful, AWS business model is actually founded on its security and ability to protect its users’ data, questions will still be asked. And while operators are attracted by the substantial capital and operational savings available, they will still wonder whether “the regulator would let them do it”.

Well now the regulator has, in effect, spoken.  The ground-breaking initiative of the GDPR sets a harmonized standard and helps mitigate against inconsistencies from country-to-country – particularly for a service provider with operations in more than one country.  And our AWS –Veris Cloud Core approach more than meets the requirements of the GDPR.

Operators and industry experts concur that Cloud-based BSS solutions offer immense time-savings in deployment terms, greater simplicity, shorter time-to-market for new services, operational savings and the potential for a high-level of configurability to enable them to continue to differentiate across customer experience, business models and products.

As true cloud-based BSS systems play an increasingly important role in connecting digital services, partners, networks and enterprises beyond sovereign states, the interpretation and practical implementation of the new GDPR principles will play a critical role towards the acceptance of centralized cloud-based technology and services.  The GDPR’s influence on the EU’s E-Privacy review will also be pivotal, with the GSMA calling for the right balance to be struck between “protecting confidentiality of communications and fostering a market where innovation and investment will flourish.”

The GDPR regulations and the E-Privacy review will play a key role in the level of innovation open to operators in the use of subscriber data, especially in the context of the development of new and advanced digital services, and the interoperability between national networks and the always-connected eco-system beyond the sovereign state.  It is a major and welcome piece of work.

Published as part of BossFest16

Add Comment

Comments (1)

Newest · Oldest · Popular

Completely agree Andy, and this is a great example of why states cannot operate effectively by themselves in the consumer protection area. Though I would like to raise a point that is often forgotten when protection & privacy laws are crafted.

Consumers are at least, or more, at risk - of personal data misuse - from criminal groups and fraudsters as they are from the legal entities (e.g. CSPs) that serve them.  It is clearly important that CSPs take the consumer's data protection & privacy rights seriously from both their own use of data and potential hacker aspects, but there is a problem.

In order to determine criminal behaviour is occurring and react effectively, and thus protect consumer's data and their devices, the CSPs need fairly intrusive capabilities (including ultimately the ability to lock a device). In doing this the CSP puts itself at risk of breaking a range of legislation - e-Privacy & Sales to name just two. 

Thus, by protecting consumers, CSPs can end up in breach of regulation and law themselves. There needs to be thought given to this, in drafting regulation and law, because many legal entities will pull away from the necessary protection methods in fear of litigation. And note that this litigation can be against an individual and not just the company, raising the stakes further.

Copyright Babworth Ltd. and © 2015 Telesperience - All Rights Reserved

Babworth Ltd is registered in England and Wales - 6620167

35 Firs Avenue, London, N11 3NE