EU data protection supervisor sets the standard for data protection with Nextcloud

Beitragsdatum

24. Februar 2023

Autor

Jos Poortvliet

Practicing what it preaches, the EDPS deploys Nextcloud for internal collaboration and makes it available to other EU institutions.

Series of EU flags in front of EU parliament
Photo by Guillaume Périgois on Unsplash

The European Data Protection Supervisor is an independent organisation responsible for monitoring and ensuring EU institutions respect the right to privacy and data protection of citizens. A year ago, in a report on personal information management systems, the EDPS already mentioned Nextcloud as an example of a great solution to manage personal, privacy sensitive data in a responsible way.

Today we are proud to tell you that the EDPS have themselves deployed Nextcloud, and even more, are working with our partner TAS Cloud Services to make it available to all EU institutions! This means the EU now has a powerful, complete collaboration platform that is compliant with EU’s data protection laws and not just endorsed, but used and offered by the EU’s independent data protection supervisor. Let us quote the European Data Protection Supervisor himself, Mr. Wojciech Wiewiórowski:

Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly.

Wojciech Wiewiórowski, EDPS

As many of you know, many EU government organisations like in Sweden, France and Germany who are concerned with privacy and security, have been recommending and deploying Nextcloud for years. It is great to see the highest privacy compliance authority in the EU lead this effort now!

The EDPS has deployed Nextcloud to „share share files, send messages, make video calls, and allows collaborative drafting, in a secured cloud environment.“ (emphasis in original quote). To enable the adoption of Nextcloud in the EU, the EDPS worked with us at Nextcloud and our great Partner TAS Cloud Services to improve the integration of Nextcloud with EU login, the European Commission’s user authentication service. The EDPS and TAS Cloud Services will offer other EU institutions, bodies and agencies the same solution as was deployed at EDPS.

That means any EU institute, from the court of justice to the parliament, can now easily have a secure, easy to use, and fully compliant communication and collaboration platform. There is no more need to risk data sovereignty by relying on non-EU cloud platforms!

Nextcloud offers the easiest way to achieve control and digital sovereignty over data and communication for organizations that deal with sensitive or business critical content. As an open source, on-premises collaboration platform it offers transparency and control no non-EU SaaS plaform can deliver. Quoting from the EDPS press release:

By procuring the Open Source Software from one single entity in the EU, the use of sub-processors is avoided. In doing so, the EDPS avoids data transfers to non-EU countries and allows for a more effective control over the processing of personal data.

Interested parties can contact Nextcloud or our partner TAS Cloud Services to deploy a proof of concept of the collaboration platform the EDPS has deployed.