News

Berlin’s Data Protection Chief urges data withdrawal from US Clouds

In Berlin, the first tangible consequence of the ECJ's ruling against the EU-US Privacy Shield puts organizations on the spot. There is a way out: best-of-breed open-source software hosted on-premises or in private clouds.

By ownCloud


After last week’s ruling from the European Court of Justice striking down the Privacy Shield data transfer agreement between the EU and the US, Berlin’s chief data protection officer Maja Smoltczyk now urges (text in German) organizations to repatriate personal data currently stored with US cloud providers.

The court had found that US government agencies have simply too much access to data about European citizens stored with US tech companies, violating the Charter of Fundamental Rights of the European Union and the extensive data privacy rights enshrined in the GDPR.

While standard contractual clauses remain valid as a legal means to transfer personal data to processors established in third countries, the court makes this practice conditional on those third countries guaranteeing a right to data privacy comparable to that in Europe.

In essence, organizations from now on have to process user data in European clouds or those of demonstrably similar data privacy. They also have to avoid data centers on European soil run by US providers, because access for US government agencies cannot be ruled out.

Organizations can make sure they comply not only with the letter but also with the spirit of the law by storing user data encrypted, with robust access control and auditing, whether on-premises or in a private cloud in Europe. ownCloud is proud to enable digital sovereignty with its secure, efficient and open-source file access platform.

Our action plan for those affected:

1. What the court said
The European Court of Justice invalidated Privacy Shield, the agreement about data transfers between the EU and the US, because the US government infringes on the data protection rights of European citizens. Until the US has a data privacy law on the books that is comparable with GDPR and has drastically curbed the snooping powers of its agencies, user data cannot be transferred there.

2. What that means
Organizations can no longer use US clouds to process the personal data of European citizens. That includes Microsoft365 as well as Google Drive and other cloud offerings from US providers. They can, however, still use on-premises integrations like Microsoft OOS and SharePoint, for which support ends in 2025 and 2026 respectively.

3. What to do
Some organizations are now stranded with an unlawful setup and need to devise a sovereign stack strategy. Some products have natural replacements: with Microsoft365 out of bounds, its browser-based on-premises cousin, Microsoft Office Online Server, can still be used lawfully. Also, there are options beyond the US tech behemoths to choose from. The European tech ecosystem has grown nicely. By leveraging best-of-breed open-source software hosted on-premises or in private clouds, organizations gain added security and efficiency.

4. What we provide
ownCloud offers a suite of integrations to build a fully functional sovereign workspace. To let small and medium organizations start today and collaboratively edit documents tomorrow, we offer ownCloud.online, our ownCloud as a Service, fully compliant with GDPR. For your larger projects, please contact us.

ownCloud

July 22, 2020
