BREAKING NEWS: ECJ rules US Cloud services fundamentally incompatible with EU Privacy laws

Post date

July 16, 2020

Categories
Author

Jos Poortvliet

The US “culture of surveillance” received a major EU push back today, with the European Court of Justice ruling against the legitimacy of the EU’s Standard Contractual Clauses as a way of transferring data to legal regimes outside of the Union. As we wrote 2 years ago, the Austrian Max Schrems, responsible for the previous dismissal of the ‘Safe Harbour’ agreement between the US and EU, stated that its successor “Privacy Shield goes down as soon as EU Courts deliberate”. It seems he was right.

As covered yesterday at Euroactiv:

Schrems’ concern is that Section 702 of the US Foreign Intelligence Surveillance Act (FISA), permits the National Security Agency to collect foreign intelligence belonging to non-Americans located outside the US, by way of obtaining their data stored with electronic communications services providers, such as Facebook.

EU Court of Justice in session
The European Court of Justice in session (image via Court of Justice of the European Union)

Indeed, regulations like the Cloud Act have already resulted in US cloud companies giving up the fight for privacy, prompting European cloud giants to team up and provide an alternative.

Ruling today: no more “Privacy Shield”

Today, the CJEU Judgement invalidates “Privacy Shield” in a US Surveillance case. The first statement from Max Schrems’ NOYB organization on the CJEU ruling can be read here.

Their statement notes that the EU Commission gave in to US pressure, not undertaking a deep assessment of US surveillance laws but quickly passing Privacy Shield to protect the business of US businesses to the detriment of the privacy and security of EU citizens. Quoting Herwig Hofmann, law professor at the University of Luxembourg and one of the lawyers arguing the Schrems cases before the CJEU:

The CJEU has invalidated the second Commission decision violating EU fundamental data protection rights. There can be no transfer of data to a country with forms of mass surveillance. As long as US-law gives its government the powers to vacuum-up EU data transiting to the US, such instruments will be invalidated again and again. The Commission’s acceptance of US surveillance laws in the Privacy Shield decision left them without defence.

Many German Data Protection Authorities have already concluded at various points that the use of Office 365 in schools is illegal and use of foreign-hosted chat and video communication services poses compliance problems, recommending Nextcloud Talk instead. The Swedish and Dutch have come to the same conclusion repeatedly. The CJEU rules that DPA’s have a duty to take action and not bow under political pressure, as has happened repeatedly already. Just looking away is not a solution.

Consequence: US cloud services not GDPR compliant

US cloud firms like Microsoft are already regularly shown to flaunt European privacy laws, as was shown again recently in an extensive Data Protection Impact Assessment of Office 365 by the Dutch government exposing dozens of GDPR violations.

With this latest ruling, the ECJ puts another major roadblock in the way of US cloud services, challenging the basic premise that they are a viable solution for use with any privacy-sensitive data. Businesses, schools and government organizations putting data from their employees, customers, students and citizens on Office 365, Google G Suite or one of the dozens of other US-based SaaS services now risk massive fines under the GDPR.


DPIA commisioned by the Dutch government mid 2020 shows a series of issues in Office 365

Other posts

Nextcloud nominated for the CloudComputing-Insider Award 2025

Vote for Nextcloud in the CloudComputing-Insider IT Awards 2025

For the ninth time, Nextcloud has been nominated for the CloudComputing-Insider Readers’ Choice Award in the category of Cloud Content Management. We’d love to reach the top again! And we’re looking for the support of you and everyone else in our amazing community to get there. Nextcloud as the best Cloud Content Management tool? Only […]

Read More
Best Nextcloud productivity apps to organize your workspace

Best Nextcloud productivity apps to organize your workspace: some of our top picks

As Nextcloud offers a large ecosystem of apps, it can be hard to find the best productivity apps to meet your needs and preferences. With so many options, how do you choose the right ones? In this blog post, we highlight some of our top Nextcloud apps to organize your online office. The perfect digital […]

Read More
Nextcloud Awards 2025 blog featured image

Nextcloud Awards 2025

Privacy is the foundation of democracy. And yet, digital infrastructure remains largely in the hands of a few powerful actors. While public debate focuses on AI hype and innovation races, much of the real power lies elsewhere: in the platforms we depend on, the standards we adopt, and the decisions we don’t question. That’s why we’re launching the Nextcloud Awards – and that's why we launch it now.

Read More
Featured image Nextcloud Summit 2025

Digital sovereignty in Munich: Join us at the Nextcloud Summit 2025

Following the overwhelming success of our Enterprise Days, Nextcloud is proud to launch its very first Summit on digital sovereignty. Whereas the Enterprise Days have a clear focus on Nextcloud as a platform and technology, with the Summit, we want to address the wider market around digitally sovereign collaboration technology. This exclusive one-day event bridges […]

Read More
Nextcloud Hub 10 featured image

Nextcloud Hub 10 – your unified, modular digital workspace

Welcome Nextcloud Hub 10. Our latest release comes with reinforced performance in every app, deeper integration across the platform, and dozens of new features that will make your day easier.

Read More
Nextcloud powering the digital workspace of tomorrow - 2024 in review

Nextcloud powering the digital workspace of tomorrow: 2024 in review

In the Nextcloud 2024 wrap-up, we want to take a moment to celebrate this year's achievements. Join us as we continue to reimagine what’s possible - shaping a world where open source, privacy and connection come together and drive progress for the greater good. 

Read More

The open source answer to Microsoft Teams

Organisations, small and large, need a way to ensure the resiliency and digital sovereignty of their operations – an open-source, privacy-respecting alternative to Teams. And today, we present that solution - Nextcloud Talk.

Read More
Nextcloud Recognized with World Summit Award Germany

Nextcloud recognized with World Summit Award Germany

Nextcloud has been recognized with the World Summit Award Germany that selects and promotes local digital innovation improving society, aiming to contribute to the United Nations' agenda of sustainable development goals.

Read More
Nextcloud IT-Awards 2024

Nextcloud wins Platinum at the IT Awards 2024!

Nextcloud has been awarded Platinum at the IT Awards 2024. Today, we celebrate this win together!

Read More
Meet the first open-source AI assistant that doesn't prey on your data

Meet the first open-source AI assistant that doesn't prey on your data

The first ethical, open-source AI assistant that can get a multitude of tasks done for you without compromising your data.

Read More
Nextcloud for DIE ZEIT: Microsoft’s anti-competitive behavior, PR stunts and salami slicing

Nextcloud for DIE ZEIT: Microsoft’s anti-competitive behavior, PR stunts and salami slicing

DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.

Read More
MagentaCLOUD feature image

How T-Systems migrated millions of MagentaCLOUD users to Nextcloud

MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.

Read More

Nextcloud releases Assistant 2.0 and pushes AI-as-a-Service

We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!

Read More
Bechtle and Nextcloud offer a digitally sovereign service for the public sector

Bechtle and Nextcloud offer digitally sovereign collaboration services for the public sector

Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.

Read More

Migrating from ownCloud to Nextcloud

Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.

Read More
Owncloud Nextcloud Kiteworks migration tools

Kiteworks acquires ownCloud & Dracoon

Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]

Read More
Frank Karlitschek, Nextcloud founder, wins the European SFS Award

Nextcloud founder earns European Free Software Award

Nextcloud founder and CEO Frank Karlitschek earns the honorary SFS Award at the 20th annual SFSCON taking place in South Tyrol, Italy.

Read More
Minister of Digitization of Schleswig-Holstein and Nextcloud CEO shake hands

German state & Nextcloud build digitally sovereign AI for public sector

As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.

Read More
ethical ai

AI in Nextcloud: what, why and how

Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]

Read More
Integrating AI into your business Nextcloud Assistant use case

Integrating AI into your business without selling your data to Big Tech

Integrating AI into your business is no longer optional. But you don’t need to surrender your data to Big Tech to keep up. What started as hype has become a necessity to improve customer experience and enable your team to do more of what they do best. However, AI is merely a tool to achieve […]

Read More
Minor Nextcloud updates released

Out-of-band hotfixes for Nextcloud Hub 8, 9 and 10

We released out-of-band hotfixes for Nextcloud Hub 8, 9 and 10 to address the issue with installation of the new instances. Read an update summary and access full changelog on the website.

Read More
Remote backup guide for Nexcloud AIO

How to back up and restore Nextcloud AIO remotely using BorgBackup

Read this post to learn how to do a remote backup for Nextcloud to improve security and resilience of your instance.

Read More

Start the discussion at the
Nextcloud forums

Go to Forums