- US hyperscalers comply with the US Cloud Act, which goes against Swiss beliefs
- Privatim is in favor of true E2EE and more transparency across the chain
- US hyperscalers are acceptable if customers can encrypt their own data
Swiss data protection officials have warned public bodies not to use cloud services from industry hyperscalers Microsoft, Amazon and Google due to a lack of true end-to-end encryption.
This comes as many SaaS vendors, especially those that fall under the US Cloud Act, may be required to hand over data to US authorities, even if it is stored in Switzerland.
Cloud providers were also criticized for not offering enough transparency to verify security, with “long chains of external service providers” further complicating data security.
Switzerland warns against using Microsoft 365, AWS and Google Cloud
Privatim, the conference of Swiss data protection officers, also warned that using SaaS means a significant loss of control for public bodies, meaning they cannot influence risks to citizens’ fundamental rights.
Ultimately, Privatim says international SaaS providers should not be used for highly sensitive or confidential data unless the government itself can encrypt the data and the provider cannot access the keys.
Switzerland is already known for its strict data protection laws, and a revision of the Swiss Data Protection Act in September 2023 adds additional requirements for cross-border transfer of data and more.
The US cloud law goes against Swiss standards of privacy and sovereignty, especially because even data hosted in a Swiss region is not immune from the US cloud law.
Unrelated to this latest warning, Switzerland already has its own homegrown alternative to Big Tech. Proton has quickly gained a name for strong security – the company cannot access user data even if it was required by law.
In addition to using Swiss and EU infrastructure and complying with Swiss law, Proton also offers client-side encryption (CSE) and open sources for the parts that do not need to be protected.
With three US hyperscalers accounting for roughly two-thirds of the cloud market, this not only makes finding a suitable and compatible alternative a bit more challenging, but represents significant growth opportunities for these companies if European data protection trends continue.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
