These four challenges point to some new themes that will soon be part of leading climate and corporate responsibility practice for cloud services providers:
- Location matters. One of the greatest opportunities for cloud carbon reduction is with siting, since energy makes up such a large share of a data center’s footprint and the carbon content of electricity is determined by the local grid’s portfolio. This makes alignment among sustainability, operations and real estate teams crucial for managing carbon performance. Furthermore, the building companies that are erecting data centers have a responsibility to educate their clients about the carbon impacts and risks that result from the location they have chosen. They also have an opportunity to strengthen relationships by offering better insights and services to help clients get the most out of low-carbon siting.
- Companies have a role in influencing electricity grids. Because data centers can be large energy customers, an additional point of leverage for developers and operators is to influence local policymakers and utilities to invest in more sustainable energy sources. Initially, this might seem radical. But savvy companies already negotiate electricity prices with utilities and engage with local governments on a range of policy issues, so this can be an extension of those conversations. Also, power utilities are effectively key suppliers -- if not the key supplier -- for energy-intense data centers and the practice of engaging suppliers on sustainability is a common frame of reference.
- Transparency will enhance collaboration. Data center operators need to be more proactive about advancing carbon transparency by reporting as much as they can about carbon impacts through the Carbon Disclosure Project and communicating more earnestly about what can and cannot be disclosed. The more information companies can provide, the more tools researchers, civil society and service providers will have to establish metrics and public policies that improve incentives for investments in energy and carbon-efficient operations.
The Cloud and Human Rights
The extent to which the cloud affects human rights will depend on the range of services it provides. For example, there will be less of a risk associated with corporate information than personal communications. Some categories of customers (such as civil society organizations) may have more reason to be cautious than others (such as multinational corporations).
We believe cloud-services providers should consider their human rights' responsibility in two main dimensions: data center location and their role as gatekeepers to information.
The first responsibility is for a company to factor in human rights considerations when deciding on a data center location. In addition to price and local energy supply, a key factor in determining the ideal location for a data center is the local legal context. While some countries have strong privacy and security laws and practices, others do not, and this variation can significantly affect the cloud’s impact on privacy, security and freedom of expression.
When it comes to siting data centers, companies are understandably nervous about storing data in jurisdictions that may not respect the rights of their users and customers. For this reason, they often choose to locate data centers in places with favorable privacy laws, even if that means storing the data in a country outside the user’s location. Yahoo, for example, chose to locate its services targeted at the Vietnamese market in Singapore. However, governments are becoming wise to this and can retaliate by requiring that data be located within the country if the business is licensed to operate there.
The second responsibility of the cloud provider relates to its role as the gatekeeper of user data when law enforcement comes knocking for personal information. In theory, it is the customer -- the bank or the retailer, for example, and not the cloud-services provider -- that responds to a law enforcement demand. However, what often happens in a law enforcement context is shrouded in mystery. There are various controls and conditions that a local government can implement as part of the operating license that could bypass the customer altogether and go straight to the cloud-services provider. Additionally, and very importantly, when a cloud company provides services such as email or file storage to an individual customer, it is the company that decides whether to give in to law enforcement demand, not the customer.
This places cloud-services providers in a difficult position: In theory, they exist to provide virtual services to anyone, anywhere, unrestricted by traditional geographical boundaries or physical presence. In reality, the cloud is connected to the ground, and there is a very real ethical question about where to locate its physical presence. And as more business transactions take place in the cloud, cloud-services companies are caught between protecting the rights of their users and abiding by the law enforcement demands of their regulators.
Next page: How to make your cloud more ethical