While we were busy with GDPR, the US Cloud Act was passed (1/2)

Over the past months, we have all been focusing on the GDPR deadline, the 25th of May. In the meantime, the passing of another important piece of privacy and security legislation, with big implications for European businesses using cloud services from US tech giants, went almost totally unnoticed.

The Cloud Act (Clarifying Lawful Overseas Use of Data) was passed by the US Congress on 22 March, after criticism from human rights advocacy organizations concerned by the violation of privacy. The Cloud Act allows US law enforcement to demand that data and emails be handed over if they are stored by a US corporation, regardless of where in the world the data is stored. This has serious implications for European organisations using public cloud services.

But why did this happen? Microsoft won a victory in federal appeals court in 2016, invalidating a warrant requiring the company to turn over user emails stored on a server located in Ireland. The case was appealed to the US Supreme Court, where it was heard in late February 2018 with a ruling still pending. The Cloud Act would make it easier for US law enforcement agencies to access data stored in overseas cloud servers regardless of the opinion of the organization hosting the data.

 

What could be done to protect our data?

The Cloud Act is a step backward on the road towards data protection and respect for users' privacy, and it cannot be ignored. Cloud services from US digital giants can be cheap or easy to use, and perfect for certain types of data. However, they might not be the right place for all types of data.

Digitally mature organisations have already discovered the advantages of a European provider, software vendor or integrator, using solutions that are not only hosted in the European Union but also subject to European regulation. In fact, learning that not all data should be treated in the same way, and defining what data should be stored in local solutions and what can go up into the cloud, becomes imperative for responsible organisations.

At Alinto, we host all our solutions in France and under European regulation: professional email, antivirus and antispam relay, SMTP gateways. Even our Exchange platform is managed by our teams and according to French regulations.

Furthermore, for companies using Office 365 or Hosted Exchange email services, Netmail solutions allow them to protect and keep control of their data.

In the next post, we will analyse the latest research published by Gartner on how to properly protect Microsoft email services.

Stay tuned!