• CAVOK@lemmy.worldOP
    6 days ago

    IMHO every contract from any level in government should stipulate that data can’t leave the EU without explicit consent. That would build up EU cloud providers since the big 3 would all be excluded.

    • hydroptic@sopuli.xyz
      6 days ago

      data can’t leave the EU without explicit consent

      This is already more or less the norm for many services, because of the GDPR and the ePrivacy directive, especially if you’re handling special personal data categories, and/or the service is for a government entity. There are some caveats to this, but on a general level that’s already how things are.

      But as was pointed out, the problem isn’t getting folks to host things in the EU since it’s not like only European companies have data centers in the EU, but to use European cloud providers. Vendor lock-in is a real issue, however; no European provider can give you what AWS or GCP can, and migrating to something else might require a lot of work depending on which services you’ve been using.

    • CompactFlax@discuss.tchncs.de
      6 days ago

      The US PATRIOT Act makes data storage location irrelevant. If the USA sanctions your country, the cloud gets turned off whether the data centre is local or not.

      The USA is able to exercise soft power around the world because of and through its control of finance and now data.

      • zaphod@sopuli.xyz
        5 days ago

        I think you missed OP’s point. They shouldn’t use data centres of US American companies even if they’re located in the EU because they already can’t guarantee that data isn’t leaving the EU. CLOUD Act is more relevant here than the USA PATRIOT Act.

      • Gloria@sh.itjust.works
        6 days ago

        They do not mean anything if they are not GDPR Business compliant. They cannot guarantee the inaccessibility by US gov branches. The EU needs solutions independent of the hair color of the next US President.

        • lime!@feddit.nu
          5 days ago

          i mean they’re not allowed to do business here if they aren’t. i’m not saying they are, but they put up a good enough façade that governments trust them, and they haven’t been caught yet.

      • WhatAmLemmy@lemmy.world
        6 days ago

        But they are a US company and US law can subpoena EU data without EU gov authorisation, so the fact their DCs are in the EU is basically irrelevant.

        Should the EU use Russian or Chinese DCs based in the EU?

        • lime!@feddit.nu
          5 days ago

          it’s required by law that they disclose that in their SLA, which means that when governments question it they at least say that they’re making exceptions. apparently that’s good enough, but it probably doesn’t stand up to an independent audit.