How Can European Firms Legally Use U.S. Clouds To Store Data?

How Can European Firms Legally Use U.S. Clouds To Store Data?

In Europe, a very stringent legal framework is in place with criminal sanction for companies and individuals that break EU data protection laws.

Both Amazon Web Services and Microsoft have recently acknowledged that they would comply with U.S. government requests to release data stored in their European clouds, even though those clouds are located outside of direct U.S. jurisdiction and would conflict with European laws.

There are two important factors affecting the treatment of data. Firstly, knowing where it is physically located, as this determines the legal jurisdiction presiding over that data. For example, data stored in Germany is subject to German and EU law, whereas data stored in the U.S. is only subject to U.S. law.

Secondly, knowing who controls the data is key as some country laws place obligations on companies beyond that country’s borders. For example, since a U.S. company operating in Europe is still subject to the U.S. Patriot Act, the European customers using those services are exposing themselves to U.S. jurisdiction.

European law strictly mandates the treatment of EU private citizens’ data with strong sanctions against breaches. Additionally, there are clear and specific notification requirements if data is shared with third parties.

Sources:
Forbes