For years, the question of whether storing personal data in US-based cloud services complies with European privacy laws has been a legal and political minefield. While the EU and US have repeatedly attempted to establish frameworks to enable transatlantic data flows, these agreements have consistently failed to withstand legal scrutiny.
The latest iteration of those attempts, the EU-US Data Privacy Framework (DPF), is now facing the same fate as its predecessors — rendered practically defunct due to structural issues and alarming developments in US oversight mechanisms.
If the deal is revoked, the consequences could be disastrous for companies. Judges in the EU could make the use of US clouds illegal at any moment. Read on to understand what the current situation around the agreement could mean for businesses handling data across the continents.
Oversight board’s chair and members laid off
A key provision in the DPF is the oversight function provided by the US Privacy and Civil Liberties Oversight Board (PCLOB). However, on January 27, the chairman of the board and two other members were dismissed, leaving only one active board member and a skeleton legal team of four staff members. A judge found the dismissal of the two members of the board unlawful.
With such a weakened oversight body, the fundamental concerns that led the Court of Justice of the European Union (CJEU) to strike down previous agreements remain unaddressed. The current DPF is unlikely to survive the inevitable legal challenges ahead, much like its predecessors, Privacy Shield and Safe Harbor.
The legal reality: data transfers to the US remain risky
From a legal perspective, the CJEU’s rulings on transatlantic data transfers have been clear: unless the US implements substantial legal reforms, no framework will provide sufficient protection under EU law. The General Data Protection Regulation (GDPR) requires that personal data be protected with a level of security equivalent to what is granted within the EU. However, under US law, foreign citizens lack the same privacy rights as US residents, and intelligence agencies retain broad access to data stored by US-based companies.
This means that, despite the existence of the DPF, organizations handling EU personal data must assess whether their transfers to US-based cloud providers comply with GDPR. In practice, this is difficult, if not impossible, without additional safeguards such as encryption, data localization, or alternative hosting solutions.
EU-US Data Privacy Framework at risk: what this means for businesses
Companies relying on US cloud providers to store or process EU customer data are left in an uncertain position. Even if they adhere to the DPF, they may still be violating GDPR due to the unresolved structural issues. Legal challenges are inevitable, and it is only a matter of time before the CJEU is asked to review the framework once again.
For businesses, this could mean several things:
DPF is not a long-term solution — Organizations should not assume that compliance with the framework guarantees GDPR adherence.
Risk of enforcement actions — European data protection authorities could take action against companies transferring data under the DPF if it is deemed non-compliant.
Time to look for alternatives — EU-based or self-hosted cloud solutions offer a legally safer approach for organizations handling sensitive data.
Nextcloud’s approach: a future-proof alternative
Given the ongoing legal uncertainties, businesses and government entities need solutions that ensure compliance with GDPR without depending on fragile political agreements. Nextcloud offers a fully self-hosted, Europe-based cloud collaboration platform that keeps data under the direct control of organizations. With on-premises hosting and strong encryption features, Nextcloud allows businesses to maintain compliance with EU privacy laws while avoiding the risks associated with US-based services.
As history has shown, legal frameworks like Safe Harbor and Privacy Shield, and now the DPF, do not offer the stability or protection that businesses need. By choosing self-hosted solutions, organizations can future-proof their operations and guarantee compliance with the highest standards of data protection.
Is it high time we moved away from US cloud providers?
The EU-US Data Privacy Framework is already on shaky ground, and the recent turmoil at the PCLOB only further weakens its credibility. Companies that continue to rely on US cloud providers for handling EU personal data do so at their own legal and business risk. Now is the time to explore alternatives that prioritize data sovereignty and long-term compliance.
Nextcloud provides a reliable, secure, and GDPR-compliant solution that empowers businesses to take control of their data. As regulatory scrutiny increases, organizations must act proactively to protect their users and their operations from future legal challenges.