OpenStack doesn't check to see if data was smuggled across the border, but the European Court of Justice does. The cross-European data transfer message has become clear: Don't look at my stuff outside my international border unless many conditions are satisfied.
Has the NSA has done its part to wreck the U.S. cloud business? Or is the reverse actually true?
Much of Canadian data stays in Canada, German data in Germany. Data can't be carted over the borders into that skanky NSA-monitored data sieve called the USA.
Does this cause madness for U.S. cloud providers? In the short term, perhaps—the actual damage hasn't been tallied. Instead, a new boom has been created in duplication of infrastructure, something that the Internet was designed to stanch as a resource-sharing mechanism.
Instead, there's a boom. There are a lot of servers, routers, and oh-so-plentiful disk arrays now blooming like mushrooms in European cow pastures. Instead of one set of licenses, there is one for each new balkanized data region. Enter separate fleets of coders, all busy doing big data analytics, or the devil of details of CRM, or the SaaS version of this app for the EU-ONLY so that data doesn't accidently become spied upon. Balkanization among former allies is taking place as data principalities, dukedoms, and even fiefdoms are booming.
Data privacy is a simple directive. The statement is: This is none of your business, spy agencies: it's my/our stuff. Get your nose out of my business, my personal life, my government. Not your business. OK, and here's the order for the new servers and infrastructure that we'll need to harbor our data in OUR port.
Yes, the U.S. government's public policy—and its secret one—is the motivator. It's the fear of the NSA and other U.S. three-letter spy/enforcement data that has balkanized the cloud. Numerous governments—governments that used to be friendly to the United States—have passed provenance legislation that require a lot of data to physically reside in that country.
There's a misunderstanding about international data that has to do with a sense that the IANA-issued domain designation – let's say .DE is Germany and .UK is England Wales Scotland + Northern Ireland (etc) – that the data resides there, or is under the jurisdiction of these countries. Not so. Laughably not so. Actual physical location of a domain name has nothing to do where the data actually rests. That's all changed, too. The Great Data Export of 2015 is at hand.
Mandating physical provenance makes international infrastructure sales people happy, as the orders for the new NOCs, OpsCenters, data centers, whatever, causes a new set of islands to emerge, each needing maintenance, support, N+1, disaster recovery, backup, archiving, consulting, etc., etc.
It doesn't matter if the processes are open or closed source, as they're replicated, including personnel.
Each of these new, trying-to-emerge data centers will only have data from their jurisdiction, as new versions of Safe Harbor agreements become negotiated and renegotiated. The duplicated (need I say “triplicated”?) infrastructure is a huge boon, albeit stanching the flow for U.S. cloud services providers—but again, only in the short term. It's not quite the Monsanto-ing of U.S. IT products and services.
Here's why: storage never shrinks, as a causation of Moore' Law. The halving of cost and doubling of power means that more and obscure methods of squeezing revenue from data will continue. It will not abate for the foreseeable future. Data never really dies, it's just archived, no matter what “rights of being forgotten” are legislated. Some of the data may not be personally identifiable, but that point is moot. It's data, and it's never discarded, just put into a vat at Iron Mountain or some data locker, somewhere in the Data Balkans.
There is demand for the processing and services that hasn't quit. U.S. branches will have strengthened EU, Canadian, and other international efforts. The data will reside where it's mandated. The demand for data processing of all kinds hasn't waned.
In the light of another controversial endeavor, the Trans Pacific Partnership, Safe Harbor renegotiation will take a long time, it would seem, to come to fore. In the meantime, it's my estimation that only a narrow amount of cloud services will feel an impact, and then, perhaps, not for very long.