The Verge reports how Microsoft and the US Department of Justice have withdrawn the Supreme Court Case about accessing data operated in different countries. The reason is that everyone accepted the new CLOUD act as good enough, something the Electronic Frontier Foundation strongly disagrees with. What does this mean for European and international companies handling data of European customers? We think that the full access guaranteed to US authorities and law enforcement means no US owned or operated cloud service can legally be used for any privacy-sensitive data of Europeans.
Giving up the fight
With Microsoft and other US cloud companies basically giving up the fight for privacy and security of their users, US legislation guarantees law enforcement and government agencies in general have full access to cloud data hosted by US companies. It does not matter if that data is located in the US, Europe, China or anywhere else. This means European companies who think they are safe and can ignore US law, using for example European-hosted services from US companies, are up for some potentially huge fines under the GDPR (or DSGVO in Germany).
We will not disclose data hosted in Microsoft business services to a government agency unless required by law.
If we are compelled by law to disclose customer data, we will promptly notify the customer and provide a copy of the request, unless we are legally prohibited from doing so.
We know pretty much any request for data of companies or users comes with a so called ‘gag order’, forbidding any communication to the targeted organization or individual, so when the data is given, you won’t know. That’s one big advantage of a local data center: if you’re compelled to hand over data to a government agency, at least you’ll know and can take appropriate measures. And, of course, it can only be the government in the country you’re operating in – not the government of any country your hosting company operates in.
Serious business risk
It should be rather obvious that when the US government can compel Microsoft, Google, Dropbox or others to hand over data of users and businesses (in secret), you can count on other governments to be able to do the same. From Australia to Zimbabwe, if Microsoft wants to have a presence, they have to and promised to abide by local law. And if that law requires them to hand over data and not talk about it, they will.
Perhaps you trust government 100% with the data of your customers. Maybe you don’t. In either case, if data of your customers leaks due to incompetence or malice of any of those governments that can compel your hosting provider to hand over data; or if your customers simply find out you (or your hosting provider) handed over data to the government of Zimbabwe, China, Japan or Monte Negro, lawful or not, they can sue you under the GDPR in Europe.
Nextcloud users know the importance of integrating different systems and tools to create a seamless workflow. Nextcloud Enterprise allows you to integrate with Microsoft environments for file storage, user directory, Outlook, Sharepoint, Windows Desktop, MS Office online server, and Teams. And now, we are excited to announce a new addition to our lineup: the Nextcloud […]
6 years ago, Nextcloud was just a file-sync-and-share solution similar to Dropbox. Today, we are a Content Collaboration Platform giving you a complete online productivity platform with integrated features from Talk, Office, Groupware and hundreds of apps. Every day, you choose us to be your Content Collaboration Platform, and every year we provide you with […]
Now that Hub 4 has been released, it’s time to introduce the Nextcloud Ethical AI Rating. Progressively, there are more and more risks associated with computer intelligence, and as a transparent software company we have the responsibility to intervene and protect our users. Recently, Microsoft laid off its entire ethics and society team, the team […]