The authorities in the Netherlands are taking too great risks, a supervisory authority there recently concluded.
Many are purchasing cloud services from foreign companies – primarily American Amazon, Google, and Microsoft – and are thereby relinquishing control over parts of their own operations.
There is a risk that foreign governments, particularly in the USA, could access or even alter the Dutch government's or private individuals' data, said the authority's spokesperson Ewout Irrgang.
Backing him up
These risks have been actualized by the shift in power in the USA, where President Donald Trump does not hesitate to exert sharp pressure on allies and has gotten the country's most powerful tech leaders to fall in line behind him.
Already during his first term, Donald Trump introduced the legislative package CLOUD, which stipulates that the USA's federal authorities can request that companies operating in the USA hand over data – regardless of where the information is physically stored.
Since Trump returned to power, he has cut back on protective mechanisms intended to ensure that European data flows do not become subject to American mass surveillance.
"Can't do anything"
Tech entrepreneur Bert Hubert, who is also an advisor to Dutch authorities on these matters, describes it as European countries and companies continuing to outsource their systems on a reckless basis. In an interview with tech site The Register, he says that the tech giants may ultimately be forced to comply with the USA's authorities:
Legally speaking, there is nothing Microsoft, Google, or Amazon could do about it. And these days, one can wonder if they even want to do anything about it.
The cloud may already have been drawn into large-scale political pressure. The Trump administration has imposed stricter sanctions on the International Criminal Court (ICC) in The Hague – which is believed to have significant practical consequences for its work, much of which takes place via Microsoft's services.
Great Swedish dependence
Sweden was in 2023 one of the EU countries where most companies purchased cloud services. Swedish companies have also made their operations relatively dependent on these services.
The Tax Authority changed its stance on the cloud last year after a lengthy investigation and will soon begin using Microsoft's services, as Computer Sweden has reported.
There is concern about the global situation – but there is also greater preparedness and awareness than before, says the authority's IT chief Peder Sjölander to the site.
During Joe Biden's time in power, the USA and the EU Commission agreed on a new framework (Trans-Atlantic Data Privacy Framework, TADPF) that was said to ensure that European data flows can pass through servers in the USA without being subject to mass surveillance.
Previous frameworks – "Safe Harbor" and "Privacy Shield" – were legally challenged and deemed inadequate by the EU Court of Justice.
The advisory American authority PCLOB (The Privacy and Civil Liberties Oversight Board) – which is to assist the president in weighing measures against the protection of privacy – has been tasked with ensuring that the USA maintains comparable integrity protection for European personal data. The EU Commission went along with the USA providing sufficient protection, and that decision stands.
According to PCLOB, the USA is following the framework, but activist organizations have questioned this and pointed out that the legislation still allows for data collection.
Since taking office again, Donald Trump has requested the resignation of all Democratic members of PCLOB and promised to revoke many of his predecessor's security orders, several of which provided the basis for the agreement with the EU.
Source: EU Commission, Euronews
