GDPR vs. Cloud Act


US Cloud Act: What is it—and is it GDPR-compliant?

Frankfurt/Main, November 7, 2023 – “Even though most companies in Europe have only insufficient knowledge of the Cloud Act, it has major implications for our digital data. The legislation has been in effect since 2018 and affects anyone who, as a private individual or as a company, has processed or stored data in a cloud offered by a US company.

The law passed by the United States forces US cloud providers such as Google Cloud, Microsoft Azure, Amazon Web Services, or Dropbox to make data stored in the cloud accessible to US authorities upon request. It therefore effectively overrides the GDPR regulations. In short: Data in US clouds is generally accessible to American authorities.

Using US servers? Loss of data sovereignty is imminent

The Cloud Act puts US providers of cloud services in the unfortunate position of having to act unlawfully. This is because it is impossible for a company to comply with both the GDPR and the Cloud Act at the same time: they contradict each other. A US company with servers located in the EU is obliged to grant US authorities access to the servers, even though the GDPR prohibits it. There is therefore reason to fear that data processed or stored in the cloud can be retrieved or searched.

However, the protection of personal information is only one half of the problem. The other is the question of data sovereignty. The Cloud Act authorizes American authorities to demand the disclosure of all data stored in a company’s American cloud services. As a result, companies effectively lose control over their information and thus over their intellectual property, in particular their business and trade secrets.

Cloud Act: Protect data from US access

However, interference with your own data sovereignty and violations of the GDPR can be avoided. All it takes is a good cloud provider from Europe and open-source software that ensures data protection and data sovereignty. Because its source code is openly available, the software cannot contain backdoors through which data could leak to unauthorized third parties. Another advantage: Since open-source software consistently relies on open standards and can be customized and further developed individually, there is no vendor lock-in.

Ensure data sovereignty in compliance with the GDPR

Open-source providers have long been working on integrating their applications in order to offer end-to-end solutions as a true alternative with comparable ease of use. Even today, companies use the cloud services of the hyperscalers without putting sensitive information at risk and without risking violations of the GDPR.

However, high standards in data protection and data sovereignty can only be preserved in Europe if European companies achieve a certain degree of autonomy in the digital market. This requires giving greater priority to creating favorable framework conditions. These must drive the development of domestic IT solutions that can compete with overseas services. Yet it is certainly possible to manage without the US giants – after all, there are enough good alternatives.
