This week I’ve attended an event and one of the other attendees has voiced an interesting thought, which deserves a brief footnote here, for future reference.
Since March 2018 the US Government had passed the so called Cloud Act, which basically “allows federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.”
According to my vis-a-vis, this means that no EU company can now trust their data to cloud services offered by US companies – even if the datacenters themselves are located in EU, the US government basically now can demand access to any data of EU residents.
The devil, is, as usual, in details, Let’s read a little deeper:
“[CLOUD Act] asserts that U.S. data and communication companies must provide stored data for U.S. citizens on any server they own and operate when requested by warrant,
but provides mechanisms for the companies or the courts to reject or challenge these if they believe the request violates the privacy rights of the foreign country the data is stored in.
It also provides an alternative and expedited route to MLATs through “executive agreements”; the executive branch is given the ability to enter into bi-lateral agreements with foreign countries to provide requested data related to its citizens in a streamlined manner, as long as the Attorney General, with concurrence of the Secretary of State, agree that the foreign country has sufficient protections in place to restrict access to data related to United States citizens.”
- It only applies to US Citizen data.
- Local privacy laws and individual data privacy agreements allow for rejections and challenges of such requests.
So, EU citizens stay at exactly the same level of protection as before, the new fears are unfounded. What do you think? Do you trust your data to the cloud?