Data with no borders: What the US CLOUD Act means for your UK data?
31 January 2020, 09:55 GMT
By Adam Flynn
A new landmark agreement in the United States has been causing much debate, with the worlds first ever CLOUD Act agreement enabling US authorities to demand data directly from US tech companies, without legal barriers.
What is the CLOUD Act?
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) regulates how US citizen and company data, that is physically stored outside of the US is handled. Those who handle US data must do so according to the laws of the USA, with the new act allowing US authorities to access all types of data, whether personal or not.
Although primarily effecting US Internet, service and cloud providers or their European branches, The CLOUD Act also applies to European customers of US companies whose data maybe processed and stored by a US company, such as Google, Amazon AWS and Microsoft Azure. But what does this mean for your data?
An attack on privacy?
Knowing who has access to your data, and your clients data is a key component of the newly enforced GDPR laws, which are strictly regulated throughout Europe. However, the CLOUD Act actively contradicts these privacy laws, by allowing US Authorities unlimited access to UK and European corporate data, if stored and processed by a US company.
Although implemented as means of assisting in serious criminal investigations and terrorism, the CLOUD Act itself has potentially created new security flaws when it comes to the protection of data. By granting insecure or unencrypted access to authorities, ‘backdoors’ may be opened that would create vulnerabilities that at some point are likely to be discovered and taken advantage of by unauthorised third-parties, potentially putting millions at risk.
Quite simply, only IT service providers and cloud providers with headquarters and data centres in Europe, can offer true maximum security to UK and European businesses. Processing data in Europe alone is not sufficient for effective legal protection, it not only comes down to the location of the service, but also who stores and processes it.
Any business looking to store their data remotely would be well advised to do their research into the organisational set up of the service providers, and should question who has possession, custody and control of the data.
How EBC Group can help?
EBC Group understand your data is important, and our data centres are all based at in the UK, with our Primary data centre located within Telephone house at the Birmingham BT Tower and secondary data centres in the West Midlands and Bristol. They are all privately owned meaning we don’t outsource any services to a third-party, ensuring we have access to your data and systems 24/7.