- American hyperscalers adhere to the US Cloud Act, which goes against Swiss beliefs
- Privatim pleads for true E2EE and more transparency throughout the chain
- US hyperscalers are acceptable if customers can encrypt their own data
Swiss data protection officials have warned public bodies not to use cloud services from industry hyperscalers Microsoft, Amazon and Google, due to the lack of true end-to-end encryption.
This comes as many SaaS providers, particularly those subject to the US Cloud Act, could be required to transmit data to US authorities, even if it is stored in Switzerland.
Cloud providers have also been criticized for not providing enough transparency to verify security, with “long chains of external service providers” further complicating data security.
Switzerland warns against the use of Microsoft 365, AWS and Google Cloud
Privatim, the Swiss Conference of Data Protection Delegates, also warned that the use of SaaS means a significant loss of control for public bodies, which therefore cannot influence the risks to the fundamental rights of citizens.
Ultimately, Privatim says international SaaS providers should not be used for highly sensitive or confidential data unless the government can encrypt the data itself and the provider cannot access the keys.
Switzerland is already known for its strict data privacy laws, and a revision of the Swiss data protection law in September 2023 adds additional requirements for cross-border data disclosure and much more.
The American Cloud Act goes against Swiss standards on confidentiality and sovereignty, in particular because even data hosted in a Swiss region is not safe from the American Cloud Act.
Unrelated to this latest warning, Switzerland already has its own alternative to Big Tech. Proton quickly built a reputation for strong security: the company cannot access user data, even if required by law.
In addition to using Swiss and European infrastructure and adhering to Swiss law, Proton also offers client-side encryption (CSE) and opens sources for parties that do not need protection.
Given that three US hyperscalers account for around two-thirds of the cloud market, this not only makes finding a suitable, compliant alternative slightly more difficult, but it also represents significant growth opportunities for these companies if European data privacy trends continue.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
