CLOUD ACT ALTERNATIVE FOR CLOUD STORAGE
A cloud act alternative for those who are not comfortable with the lack of security the cloud act entails. What would such a solution include?
When you store data on a cloud server, it falls under the jurisdiction of the country where the parent company is registered. This means most cloud services are governed by US law.
Swedish law is, from a privacy perspective, better suited for cloud storage than many other countries. Being a European country, a Swedish cloud storage solution has to comply with GDPR regulations. But it has not to comply with the CLOUD Act.
US law differs from European and Swedish law
About the same time as the European GDPR was introduced, the CLOUD Act was passed into US law. The CLOUD Act means that “a provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider’s possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.”.
This is worth considering for anyone who stores sensitive information in the cloud. The CLOUD act basically gives the US Government the right to access all your information on your server.
Do not get GDPR and the CLOUD Act mixed up
Few businesses are aware that business critical information is placed under US law if it is stored in foreign cloud services. What even fewer are aware of is that US law cannot be negotiated away in terms and services agreements.
To meet the requirements of the GDPR US cloud services have been forced to offer EU-based storage to European businesses. What many businesses fail to realize is that the cloud storage provider, though a European subsidiary, still is under US law, even though the actual storage is placed in European server farms.
In other words: the US authorities have the right to get access to your data if you store it on a server owned by an American company.