CLOUD Act on a collision course with EU privacy law

Companies all over the world have been busy with the General Data Protection Regulation (GDPR). In the meantime, the U.S. government has recently enforced legislation that goes against data privacy.

Signed earlier this year on March 23, the Clarifying Lawful Use of Overseas Data (CLOUD) Act allows U.S. law enforcement to access data from U.S. company servers, anywhere in the world.

The CLOUD Act raises concerns over data privacy

This of course raises many questions with regard to privacy and puts the Act on a direct collision course with GDPR. Despite the concerns raised about the CLOUD Act, some technology companies have publicly supported it.

Microsoft itself describes it as a “critical step” forward that creates a “legal framework for how law enforcement agencies can access data across borders”. The CLOUD Act will directly impact U.S. companies but will require agreements with other countries in order to facilitate data sharing with law enforcement agencies.

The new piece of U.S. legislation updates decades-old U.S. privacy and surveillance law. However, instead of reinforcing data privacy rights, it goes in the other direction, providing more government access.

How will the CLOUD Act and GDPR impact your business?

The European Union has been busy with the GDPR, which will come into force on the 25th of May. The new regulation forces companies to implement more secure data processing mechanisms for their customers, in an effort to reinforce user privacy.

The CLOUD Act sets a dangerous precedent and adds to already existing concerns about U.S. companies in Europe.

U.S. law enforcement agencies could have direct access to your company data if you host it with an American company. Even if the data is hosted in Europe, you would be relying on the company to challenge this request from the U.S.

CLOUD Act vs. GDPR

There is a good chance your business will be impacted by both of these regulations. However, they are different in nature. GDPR will force businesses to process user data more carefully and give more rights to the owners of these data. On the other hand, the CLOUD Act further reinforces U.S. law enforcement agencies' access to data stored online.

How can you avoid the CLOUD Act?

Most companies these days store data online in one way or another. Making sure you store your data in Europe and choosing a European provider is already a good step towards guaranteeing your privacy.

As it stands, the CLOUD Act directly impacts U.S.-based companies; only through bilateral agreements with different countries could it go beyond that scope.

Make sure your business is ready to meet compliance requirements. You can start doing that by storing your data in a GDPR-ready cloud solution. Start a trial now and keep your data private.

Additional Sources: Microsoft, diplomacy, Handelsblatt, EDRi
