While one might expect to hear about security, privacy, and compliance at the security-oriented RSA Conference in San Francisco, these are less likely to be headline topics at the annual consumer electronics show, Cebit, or the eclectic South by SouthWest (SXSW) event in Austin, TX. But this year, privacy and security were hot topics at Cebit and at SXSW.

Speaking at Cebit, German Chancellor Angela Merkel discussed this year’s theme: the responsible use of data. She noted that the “digital world has to be given a legal framework, an underlying order.” The European Union (EU) has for several years been working on a major update to its Data Protection Regulation, which if adopted, would have significant impact on technology companies that collect data on European citizens, particularly cloud providers.

The importance of security and privacy in Europe has grown due to the revelations of Edward Snowden, the National Security Agency (NSA) contractor that made off with a trove of classified material last year. Surprisingly, Snowden was a speaker at SXSW this year (speaking via Google Hangout, no less). Whatever your view on Snowden’s actions, there is no denying that his actions have kept security and privacy in the mainstream news. Some of the documents that Snowden released have also raised questions regarding the appropriateness of employing US-based technology companies, particularly cloud service providers.

One estimate suggested that the revelations could cause US-based cloud service providers to lose between US$22 and US$35 billion over three years due to distrust in the ability of US-based cloud service providers (CSPs) to ensure data protection. Data protection, cloud security, and compliance are now top-of-mind issues as businesses move to mainstream adoption of cloud services.

Lately, cloud service providers have become much more engaged in addressing the compliance concerns of customers. The good news is that in spite of the long-time concerns surrounding security and compliance of data in cloud environments, progress is being made on both fronts. There is still much work to be done, but increasingly there is some good (news) along with the bad and the ugly. For a closer look at compliance in the age of cloud, see the recent NSS brief Compliance in the Age of Cloud: The Good, the Bad, and the Ugly.