The U.S. CLOUD Act – starting to be a real problem…

Things are gradually becoming critical for European companies!
A brief but important classification:

1. the legal situation:
The U.S. CLOUD Act allows the American government to access all data (business + private) as long as it is located on servers of U.S. companies. It does not matter where these servers are located and by whom they are operated – as long as there is a U.S. parent company. Orders can also be issued directly by decree, for example (https://www.heise.de/news/Strafgerichtshof-Microsofts-E-Mail-Sperre-als-Weckruf-fuer-digitale-Souveraenitaet-10387368.html).

2. national and EU law:
It is now often argued that the U.S. CLOUD Act would not apply if, for example, European subsidiaries of the U.S. provider were to violate European law (https://www.m365einfuehrung.de/blog/microsoft-unter-eid-was-wirklich-hinter-dem-cloud-act-steckt).

All-clear? No, because how would that work in practice?

3. current example case:
Microsoft recently blocked the email account of a high-ranking EU politician (https://www.heise.de/news/Strafgerichtshof-Microsofts-E-Mail-Sperre-als-Weckruf-fuer-digitale-Souveraenitaet-10387368.html) – by order. Legal action then had to be taken, but the account remained blocked for the time being.

Thinking this through: your data would be blocked (and therefore no longer usable for you) or – even worse – already released, and you would then have to fight to have it protected again.

4. assurances and the “damper”:
Until now, many U.S. companies have been on a major “charm offensive”, promising digital sovereignty. Now, however, Microsoft managers have admitted under oath that they cannot guarantee protection from the CLOUD Act (https://www.itmagazine.ch/artikel/85137/Unter_Eid_Microsoft_kann_Schutz_vor_Cloud_Act_nicht_garantieren.html).

This must be a wake-up call for all European companies!

So what to do?
– Encryption? It helps, but only as long as the encryption methods are secure in the long term (keyword: post-quantum encryption).
– Relocate? Certainly an option, but a huge effort. In addition, sovereign European cloud structures are only just being established and we have all become very accustomed to the convenient Microsoft services.
– but in any case: take the issue seriously and don’t ignore it!

Company data and knowledge are worth protecting. They represent your assets and your competitive advantage. We no longer have to deal only with the threat of hackers, but also with international law, and we must derive suitable strategies from it.

P.S. “CLOUD” here does not stand for “the cloud” but for “Clarifying Lawful Overseas Use of Data Act”.