Last year, the US pulled a new law out of its hat and demonstrated its power. With the Cloud Act, they want to enforce their data law worldwide. The new law is supposed to force the surrender of data. The location of the server no longer plays a role. No matter if the server is located in Switzerland, Holland, UK or the USA. Only a vaguely defined "US connection" of the provider must exist so that the US authorities can take the direct route to the data of the companies. The previous mutual legal assistance route to obtain such information is thus undermined.
To prevent such scenarios, several experts recommend that Switzerland enter into negotiations with the USA to define the rules of the game. The current situation leaves a great deal to be desired. Because the current situation leaves a lot open and an agreement is urgently needed to ensure regulated procedures. If this does not happen, the US authorities will more or less arbitrarily make use of the leeway provided by the Cloud Act. This will also affect Swiss companies that can be proven to have US connections. And this proof seems to be quite simple, it is sufficient, for example, if a Swiss cloud provider advertises its services in the USA.
Or rather, Microsoft is trying to fight back. As the first cloud provider directly affected by the new law, Microsoft decided to fight back. They set six principles for sharing cloud data with government organizations. The aim is to restrict the access of security authorities and strengthen the rights of cloud providers and users. Further, talks for an "agreement for international data retrieval" are now to be pushed forward, but the support of other large cloud providers such as Amazon or Google is missing. Data requests to US companies, meanwhile, appear set to continue rising in 2020, according to the report from Data Protection Notes
It is questionable whether the efforts of Microsoft will bear fruit. The compiled principles may make one sit up and take notice, but that will hardly stop the US authorities from applying the new law. To be honest, marketing such principles is all well and good. However, in my opinion they are rather nice marketing phrases to contain the possible panic in the EU area. And so there is another important criterion when choosing a cloud provider:
How is my cloud provider affected by the Cloud Act? And what impact can it have on my business?
Contact us for more information and help in choosing the right solution for your future IT infrastructure.