Mid July, the European Court of Justice struck down the Privacy Shield agreement between the EU and the US. The court ruled US law incompatible with EU privacy regulations, as US government agencies have access to data of EU citizens managed or stored by US firms. This violates the Charter of Fundamental Rights of the European Union and the GDPR.
In essence the ruling means that US companies can not handle data in compliance with the GDPR. European data centers or Standard Contractual Clauses (SCCs) are no solution, as access to data already defines a data transfer and US law supersedes contract law. The only legal solution to regain compliance with EU law is to immediately stop data transfers to the US businesses and repatriate data currently residing with them (source)
The European Court of Justice ruled that the US government infringes on the data protection rights of EU citizens and thus invalidated Privacy Shield, the agreement covering data transfers between the EU and the US. Either the US will have to change its laws (FISA and Executive order 12333 in particular) and keep its security agencies and courts from snooping in data of EU citizens, or the EU will have to change its laws and reduce it’s legal security and privacy guarantees.
As US firms can no longer comply with the GDPR, businesses in Europe have to immediately stop giving US businesses access to personal data of EU citizens. Cloud services like Google services, Dropbox or Microsoft365 can no longer be used for personal data. On premises solutions from US firms can still be used, as can purely EU hosted and managed cloud platforms.
What to do
To ensure compliance with EU privacy laws, European firms should stop data transfers to the US and thus move to on-premises or EU hosted alternatives. For example, Mirosoft Office Online Server can still be used, as can alternatives like Collabora Online or ONLYOFFICE. For full online productivity, solutions like IONOS’ Nextcloud offering can easily guarantee GDPR compliance by using Europe’s largest hosting provider with worlds’ most deployed on-premises collaboration platform.
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]