Opinion: US Authorities Have Far-Reaching Access to European Cloud Data
2 days ago
- #cloud security
- #data sovereignty
- #US jurisdiction
- US authorities have extensive access to data stored in European cloud infrastructures due to US laws like the Stored Communications Act (SCA) and Section 702 of the Foreign Intelligence Surveillance Act (FISA).
- Jurisdiction of US laws extends to data stored outside the US if controlled by US companies or their subsidiaries, including data centers in Europe.
- European companies with business connections in the US may also be subject to US data access laws, broadening the risk across the European internal market.
- Technical measures like encryption may not fully prevent data disclosure obligations under US law, with potential fines or criminal consequences for non-compliance.
- The GDPR allows European supervisory authorities to prohibit data transfers to third countries, but legal tensions persist due to the global reach of US laws.
- The use of cloud solutions like Microsoft 365 in compliance with data protection regulations is debated, with some experts emphasizing the need for risk assessments and compliance measures.