In a letter (reported at digi.no) to the Narvik Municipality (which has started to use Google Mail and other cloud-based applications, effectively putting much of its infrastructure in the Cloud) the Norwegian Data Inspectorate (http://www.datatilsynet.no/English/), a government watchdog for privacy issues, effectively prohibits use of Google Apps, at least for communication of personal information. A key point in this decision seems to be that Google will not tell where in the world the data is stored, and, under the Patriot Act, the US government can access the data without a court order.
Companies and government organizations in Norway are required to follow the Norwegian privacy laws, which, amongst other things, requires that “personal information” (of which much can be communicated between a citizen and municipal tax, health and social service authorities) should be secured, and that personal information collected for one purpose may not be used for other purposes without the owner’s expressed permission.
This has interesting implications for cloud computing – many European countries have similar watchdogs as Norway, and many public and private organizations are interested in using Google’s services for their communication needs. My guess is that Google will need to offer some sort of reassurance that the data is outside of US jurisdiction, or effectively forgo this market to other competitors, such as Microsoft of some of the local consulting companies, which are busy building their own private clouds. Should be an interesting discussion at Google – the Data Inspectorate is a quite popular watchdog, Norway has some of the strongest privacy protection laws in the world (though, for some reason, it publishes people’s income and tax details), and Google’s motto of “Don’t be evil” might be put to the test here – national laws limiting global infrastructures.