Non-EU cloud services could be spying on your data!
One of the most immediate effects of the Schrems II judgment was to reignite the discussion about "data sovereignty" in Europe.
"A couple of months later, in October 2020, ambitious plans for an "EU cloud initiative" were announced and it was reported that the EU intended to spend up to €10 billion over the next seven years to help build up a homegrown cloud computing sector capable of competing with foreign multinational corporations such as Amazon, Google and Alibaba.""The CJEU has made it refreshingly clear that data exports are not just financial decisions, as people’s fundamental rights must also be considered as a matter of priority. This ruling will put an end to the transfer of personal data to the USA for the sake of convenience or to cut costs. Now is the time for Europe to become digitally independent."
A couple of months later, in October 2020, ambitious plans for an "EU cloud initiative" were announced and it was reported that the EU intended to spend up to €10 billion over the next seven years to help build up a homegrown cloud computing sector capable of competing with foreign multinational corporations such as Amazon, Google and Alibaba.
Since the beginning of the new Von der Leyen Commission, EU policymakers have been pushing for greater independence from US and Chinese technology, in particular in the field of data.
The EU Commissioner for the Internal Market, Thierry Breton, has repeatedly stated that he wants Europe to win the "battle for industrial data" and for European data to be "stored and processed in Europe".
It remains to be seen how much substance there is to the rhetoric of EU technocrats like Breton and whether or not the ambitious plans for the "EU cloud initiative" will in fact blossom and bear fruit.
Whatever the longer-term outcome may be, there seems to be a discernible increase in the number of European cloud service providers claiming to provide "CLOUD Act-safe" alternatives to the offerings of large US corporations such as Google, Amazon or Microsoft.
"It remains to be seen how much substance there is to the rhetoric of EU technocrats like Breton and whether or not the ambitious plans for the "EU cloud initiative" will in fact blossom and bear fruit."This rapidly growing sector includes smaller providers such as the German-based IONOS headquartered in Berlin and the Austrian-based Anexia headquartered in Klagenfurt.
Against the backdrop of well-founded legal and political concerns about reliance on US-based cloud providers and clearly articulated aspirations to European "data sovereignty", it is something of a mystery as to why a patent office bearing the name "European" would decide to hitch its horse to the Microsoft bandwagon as the EPO has done.
Perhaps some bean-counter at the EPO came to the conclusion that there was a "sound business case" for this move.
But, as Berlin's Data Protection Commissioner has noted, such decisions about outsourcing data processing are "not just financial decisions". They also have important legal and political aspects which deserve to be given serious consideration.
"...it is something of a mystery as to why a patent office bearing the name "European" would decide to hitch its horse to the Microsoft bandwagon as the EPO has done."Before committing to any decision of this kind it's always a good idea to "know your vendor" and to make sure that they are fully compliant with the local data protection regulations.
Bearing that in mind, in the next part we will turn our attention to the EPO's chosen cloud service provider and take a look at some of its run-ins with various European data protection authorities. ⬆