We often think that internal processes or business decisions influence an institution to choose a cloud solution over on-premises software. After all, cloud solutions are cost-effective, reliable, and almost always available and comply with local security and data protection regulations.
Despite the many advantages, challenges exist for cloud solutions. Adopting the Patriot Act in 2006 and its modifications in 2012 allows the US government to look at any business records to protect the nation from potential terrorist attacks. As a result, many countries didn’t want to store personal (student) data on US-based data servers. Since we are an edtech company analyzing product implementations, we will not discuss the pertinence of this law or the possible effects on the population in general. We prefer to focus this article on how this law impacted cloud solutions in terms of implementations from 2011 to 2022.
Some Historical Dates
April 2000: The Canadian Government assented to the Personal Information Protection and Electronic Documents Act to govern the collection, use, and disclosure of personal information in a manner that recognizes the right to privacy of individuals.
October 2001: Following 9/11, the American Senate adopted the USA PATRIOT Act on October 25.
May 2016: The European Parliament and Council of the European Union passed the General Data Protection Regulation (GDPR) to establish the general obligations of data controllers and of those processing personal data on their behalf (processors).
We could think that the Patriot Act did not impact cloud solutions significantly. While new implementations of SIS, LMS, and email systems in North America have been at least 55% in the cloud since 2011 (with peaks at up to 85%), European institutions only started to use cloud-based systems massively after the European Parliament has passed the GDPR in 2016. In the Middle East, we observe a similar situation to Europe. Bahrein (2019), Israel (2017), Qatar (2016), and Turkey (2016) have passed laws to protect personal data online. In Africa, similar laws have also been passed: Kenya (2019), Mauritius (2017), Nigeria (2019), South Africa (2020), and Uganda (2019).
When Cloud Implementations Follow Policies
When we look more closely at the new implementation graph, we notice that following the adoption of the data protection law in some countries, a rise in cloud implementations for the continent is observed. It is obvious in Africa (for 2021) and Europe (since 2017). Even if Australia has a Privacy Act, since it was adopted in 1988 (and revised in 2000), we see a different correlation between adopting the act and changes in cloud implementations.
Since the different governments have adopted laws to protect personal data, cloud-hosting companies, such as AWS, Microsoft and Google have established server farms in many regions of the world. A rapid overview of the global map for the three most important providers supports this idea.
In this article, we have not explored other reasons institutions from around the world would select on-premises software. Although cloud solutions could be cost-effective, if an institution already has in-house servers, they might use them until end-of-life to avoid the monthly/annually subscriptions of cloud solutions.