- American hyperscalers adhere to the US Cloud Act, which goes against Swiss beliefs
- Privatim is advocating for true E2EE and more transparency across the chain
- American hyperscalers are acceptable if customers can encrypt their own data
Swiss data protection officers have warned public bodies not to use cloud services from industry hyperscalers Microsoft, Amazon, and Google, due to a lack of true end-to-end encryption.
This comes as many SaaS vendors, especially those falling under the US Cloud Act, could be required to hand over data to US authorities, even if it’s stored in Switzerland.
Cloud providers were also criticized for not offering sufficient transparency to verify security, with “long chains of external service providers” further complicating data security.
Switzerland warns against using Microsoft 365, AWS, and Google Cloud
Privatim, the Conference of Swiss Data Protection Officers, also warned that using SaaS means a significant loss of control for public bodies, meaning they cannot influence risks to citizens’ fundamental rights.
Ultimately, Privatim says that international SaaS providers should not be used for highly sensitive or confidential data unless the government can encrypt the data itself, and the provider cannot access the keys.
Switzerland is already known for its strict data privacy laws, and a Swiss Data Protection Act revision in September 2023 adds further requirements for cross-border data disclosures and more.
The US Cloud Act goes against Swiss standards for privacy and sovereignty, particularly because even data that’s hosted in a Swiss region is not immune from the US Cloud Act.
Unrelated to this latest warning, Switzerland already has its own, home-grown alternative to Big Tech. Proton has quickly gained itself a name for strong security – the company cannot access user data, even if it were required to by law.
Besides using Swiss and EU infrastructure and adhering to Swiss law, Proton also offers client-side encryption (CSE) and open sources the parts that don’t need to be protected.
Being that three American hyperscalers account for around two-thirds of the cloud market, not only does this make finding a suitable and compliant alternative slightly more challenging, but it represents significant growth opportunities for those companies if European data privacy trends continue.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
