"The core of the problem lies in a direct and irreconcilable legal conflict. The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)."
"This creates a risk that is difficult, if not impossible, to mitigate contractually. Any private contract between a European customer and a US cloud provider is ultimately subordinate to US federal law. A warrant issued under the CLOUD Act legally compels an American company to hand over data, overriding any contractual commitments of data residency or privacy. Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed."
Europe relies on US cloud infrastructure for roughly 90 percent of services, creating a major dependency that limits technological autonomy. Several public authorities in Austria, Germany and France, plus the International Criminal Court, are pursuing alternatives and local control over IT systems. The US CLOUD Act empowers American authorities to compel US-based companies to disclose data worldwide, directly conflicting with the GDPR and overriding contractual data-residency promises. Gag orders can prevent notification to affected customers. Encryption can only protect data when key control is outside US providers. These legal and commercial realities make contractual and technical fixes insufficient for true sovereignty.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]