Swiss Data Protection Group Says US Cloud Giants Can't Meet Privacy Standards

The cloud computing space is dominated by a handful of Big Tech players. Amazon Web Services, Microsoft Azure, and Google Cloud together control a large portion of the global cloud market.

These hyperscalers have built their empires on data. The more information flows through their systems, the more valuable their platforms become. This business model creates an exploitative relationship where people's privacy is traded for cheap prices.

Switzerland's data protection authorities have now drawn a line (in Deutsch). On November 18, privatim passed a resolution calling on Swiss government agencies to reconsider their use of international cloud services for handling sensitive data.

Outsourcing of Personal Data is Not Okay

Before you ask, privatim is the Conference of Swiss Data Protection Officers. It brings together data protection authorities from across Switzerland. Do keep in mind that the group's resolutions are not laws, but government agencies typically follow them.

The group's position is clear. Outsourcing sensitive or legally confidential personal data to international SaaS solutions (read: the cloud services providers) is unacceptable in most cases. This applies particularly to services from large providers like Microsoft 365.

They outline that public bodies have a special responsibility for citizen data. When they outsource data processing to third parties, data protection and information security must remain intact. The resolution argues that current cloud services fail to meet these standards.

privatim identified five critical problems with international cloud providers:

• Most SaaS solutions lack true end-to-end encryption.
• Global companies offer insufficient transparency for compliance verification.
• Cloud services create significant loss of control over data.
• Legal uncertainty exists for data under confidentiality obligations.
• The US CLOUD Act allows data access regardless of storage location.

They concluded their resolution by calling for international SaaS solutions to be used only if government agencies encrypt the data themselves. The cloud provider must have no access to the encryption keys.

This requirement effectively rules out most current cloud services for government use.

Suggested Read 📖

Self-Hosting is Rising and Linux Users are Leading This Revolution

Self‑hosting isn’t anti‑cloud; it’s pro‑agency. It’s choosing the right locus of control for the things you care about.

It's FOSSTheena Kumaragurunathan