America’s CLOUD Act violates EU’s GDPR

Latest News

Beautiful-Templates.com Joomla Extensions - Joomla Templates

America’s CLOUD Act violates EU’s GDPR

Category: May 2018 - Cybersecurity & Data Protection

In the US, President Donald Trump just signed the Cloud Act, a law that leads to violations of the GDPR of the EU. The abbreviation stands for the Clarifying Lawful Overseas Use of Data Act (CLOUD), which complements the existing Stored Communications Act (SCA).

The new law requires Internet companies in the US to give US security agencies access to users' data - even if the data is not stored in the US.

Conversely, the CLOUD Act also provides foreign security agencies with the ability to access US user data directly and interested states can conclude a bilateral agreement with the USA to get access.

One of the reasons for this is said to be Microsoft's refusal to provide customer data stored in Ireland to US security authorities, which started a long-running legal battle between the United States and Microsoft Corp. The conflict ended at the US Supreme Court, the highest US court, and Microsoft has been dismissed by the Supreme Court by now. However, the question that arises now is how the Supreme Court will deal with the fact that the new law now expressly permits something to be judicially decided upon first.

In circles of experts, the verdict has been expected for a long time, since it has a huge impact on data protection. If data stored outside the United States really must be releases by US companies to US authorities at any time, this is a clear violation of the provisions of the General Data Protection Regulation (GDPR) that protects the data of EU citizens - wherever they are stored - even from access by public authorities.

The consequence of this is that a US online service can no longer legally be used by an EU company, as a breach of EU law, the GDPR, is inevitable. Nor are the effects on the US-EU Privacy Shield yet foreseeable. So far, EU data can be transmitted to US companies that have joined the ‘Shield’ because the level of data protection has been aligned with that of the EU. But the CLOUD Act means that the level no longer corresponds to that of the EU.

Consequently, the CLOUD must lead to online-based US services being regarded as insecure and not in compliance with data protection. To our knowledge, the EU has not responded, yet, but is expected to do so and we will see how the topic evolves. Tech companies, advocates and lawmakers worldwide are impatiently watching.

By Daniela La Marca

Latest News

Messengers and social media can serve to disclose personal data

Not all data is created equal

What needs to be considered in terms of data protection when cooperating with freelancers

Growing security risks to drive APAC managed security services revenue to US$17bn in 2024

The importance of E-A-T in content creation

List of Asian countries most at risk of RDP brute-force attacks

Malaysia successfully fighting streaming piracy

Novel Linux malware targets VoIP softswitches

Manipulated language AI can write manifestos that appear human and radicalize automatically

Sentryc stops product piracy on the internet

Fileless malware continues to grow

Competitive advantage of cybersecurity often still undervalued

Apple operating system increasingly the target of malware

ConnecTechAsia announces headliners and themes for virtual conference

10 golden rules for a safe home office

ioGates ultra secure content sharing service adds desktop app and smart link sharing

Privileged accounts remain a popular gateway for hackers

Thycotic deploys advanced machine learning to control dangerous applications on endpoints

It’s not about technology, but people

How and especially why do human beings select or decide against a product or service?

America’s CLOUD Act violates EU’s GDPR

May 2018 - Cybersecurity & Data Protection

Latest News

May 2018 - Cybersecurity & Data Protection

About Us

Contact Us