European Union Probes Public Sector Use Of Cloud Services

CIO Review Europe | Thursday, April 28, 2022

A coordinated enforcement action focused on public sector bodies’ use of cloud services is kicking off across the European Union.

FREMONT, CA: Local data protection authorities will conduct fact-finding exercises and questionnaires, possibly launch formal investigations if privacy concerns are identified, and contact more than 80 public bodies in various sectors, including health, finance, tax, education, and IT service supply. Last year, the European Data Protection Board announced that it would target public sector cloud services use; today marks the beginning of official action on the national level. By this year, the Board expects to publish a "state of play" report on cloud services use.

As stated by the EDPB, the CEF's purpose is to ensure that EU data protection law is applied consistently by individual supervisory agencies. As part of its surveillance of data protection compliance across the European Economic Area, the European Data Protection Supervisor (EDPS) opened an investigation into contacts between EU institutions and AWS and Microsoft. CEF action is not intended to replace such individual investigations - many of which may still be ongoing - but to complement them and perhaps even drive them because it will focus on government use of cloud services and the details of contracts, which often involve data transfers outside of the EU.

Since the July 2020 judgment by the EU's top court — which annulled a significant data transfer agreement between the EU and the US, escalating the legal ambiguity surrounding transatlantic personal data transfers — cloud connections with US firms have been subjected to increased scrutiny in the EU. Several authorities have found violations of the EU's General Data Protection Regulation (GDPR) linked to popular programs like Google Analytics due to personal data being exported to the United States this year. As a result of this enforcement, GDPR compliance may require EU firms to stop using certain US-based cloud products unless and until adequate additional safeguards can be implemented to protect citizens' data.

 

Read Also

follow on linkedin follow on twitter

Copyright © 2022 CIOReviewEurope. All rights reserved.         Contact         |         Subscribe        

Top