How to use your preferred cloud provider whilst maintaining data privacy and sovereignty
Enterprises face a predicament: They want to leverage the productivity and security benefits of global cloud platforms but need to maintain data sovereignty. They are concerned they might face conflicting legal obligations that put the privacy of customers at risk if they choose their preferred cloud provider.
For example, a company based in Europe may find itself in a situation where it’s required to hand over its customer data to the U.S. government. Why? Because: (a) the leading cloud providers are predominantly U.S.-based and subject to various laws requiring cooperation with U.S. local and federal government entities, and (b) there is currently no multilateral privacy framework.
The absence of a global privacy framework has caused governments to take very different legal and policy approaches to data. For example, The European Union has adopted strong privacy protections for its citizens, whilst the United States delegates some privacy issues to the individual state level (e.g., the California Privacy Rights Act, CPRA) while taking some actions at the federal level, such as the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act in 2018. In 2021, the European Data Protection Board issued a set of new recommendations for international data transfers, including what kinds of protections are sufficient for protecting private data.
Privacy has become a polarizing issue for these Western allies. The system of national and regional law continues to evolve, and global companies need flexible tools to navigate this changing landscape.
Technology that puts the enterprise at the center of control can, and must be, a core part of the solution. As the EU’s latest recommendations emphasize, “the protection granted to personal data in the European Economic Area must travel with the data wherever it goes.”
This guide will help you understand the various privacy factors at play - the U.S. CLOUD Act, Schrems II, and the General Data Protection Regulation (GDPR) - allowing you the freedom to use your preferred cloud vendor whilst maintaining full control, data sovereignty, and ownership of your data.