Fair Principle 3: Customers shall remain in control of their own data and all the data uploaded or processed by the service/solution.

Data, data, data … Data is the new gold, data is the new oil. Data is not only the utility of the data economy but also the raw material for this same data economy.

Data are both input and output for cloud providers who create their value in a data transformation process where some providers become even more powerful. Once data are hosted at the provider two crucial questions arise:

• How can the customer access them or get them back, how often, at which cost?
• What does the provider do with the (consolidated) data?

Employees and employers sign an employment contract with terms and conditions. A vendor who offers an ICT service or product, concludes an agreement with his customer, stipulating what the service is, what the payment is, etc… in the terms and conditions (T&C). The T&C form the basis of the relationship that people and/or companies enter into.

These can change as the market evolves and as the technologies mature and are replaced. Customers need different services, invest or divest, etc… T&C reflect the past and current state of the market and are a force to shape the future. Moreover, they are proof of the relationship between vendors and customers.

Unfortunately, given the structure of the cloud market and the asymmetric bargaining power, the current terms and conditions do not reflect a thriving market where both vendors and customers find space to evolve. That is precisely why this new data economy needs a number of new rules to restore the balance in these terms and conditions.

Privacy is a basic human right and the GDPR framework has ensured (among other things by introducing the explicit consent principle) that personal data must be handled correctly, but what about company data? The standard terms and conditions should specify the customer’s right to their company data, the processing and the restrictions. Data that has been processed and potentially enriched by the vendor solution and relevant meta data, shall still remain solely property of the customer. The proprietary algorithms remain under ownership of the vendor. Vendors shall not reuse data of the customer for their own purposes (such as service improvement or statistics). Too many times vendors consider the use of the service as the consent by the customer to allow the vendor to process and use the data outside of delivering the services.

All the above can be summarized in a simple third principle that should be respected and correctly reflected in the terms and conditions of all cloud providers; customers shall remain in control of their own data and all the data uploaded or processed by the service/solution.

Business users associations Beltug, Voice, Cigref and CIO Platform Nederland call for a balanced cloud market: read all 11 fair principles to unleash Europe’s digital potential here.