The 2018 Clarifying Lawful Overseas Use of Data Act [ref] was initiated as a response to Microsoft refusing to provide emails stored on their server in Ireland. The Act seems to have two parts: the obligations of the US companies to provide data even on foreign servers, and also a framework for agreements between US and foreign governments to share such data. Crucially, unless there is such an agreement between the US and another country, citizens such countries countries have no protection under the act, as US companies can be compelled by warrant to provide their information regardless of the laws the country the server is located in.Reuters said:PARIS (Reuters) - France and Germany are stepping up efforts to foster homegrown rivals to U.S. tech giants Amazon and Microsoft in cloud computing, according to a joint statement by the countries’ finance ministries issued on Tuesday.
This dominance is raising concerns in Europe that sensitive corporate data could be spied on in the wake of the adoption of the U.S. CLOUD Act of 2018 and in the absence of any major competitors, with the exception of China’s Alibaba. Amazon’s cloud division has a $600 million contract with the CIA, while Microsoft recently won a $10 billion cloud computing contract with the Pentagon.
“We want to establish a safe and sovereign European data infrastructure, including data warehouses, data pooling and develop data interoperability,” French Finance Minister Bruno Le Maire said in a statement.
Specifically, ‘qualifying foreign government’ is defined as one having an agreement under this law and having their own laws providing ‘substantive and procedural opportunities similar to those’ to those in some sections of the CLOUD Act.(2) MOTIONS TO QUASH OR MODIFY.— (A) A provider of electronic communication service to the public or remote computing service, that is being required to disclose pursuant to legal process issued under this section the contents of a wire or electronic communication of a subscriber or customer, may file a motion to modify or quash the legal process where the provider reasonably believes (i) that the customer or subscriber is not a United States person and does not reside in the United States; and (ii) that the required disclosure would create a material risk that the provider would violate the laws of a qualifying foreign government.
I wonder what kind of legal framework the EU wants and how they view the CLOUD act specifically (this seems like essentially being extorted into agreements in order to even partially provide for their citizens' privacy rights).Science Business said:[ref] The cloud project will be open to other member states, while the European Commission will offer support and advice, the statement says.
Both governments will host a workshop before the end of November 2019, where other interested companies will be invited to provide input. A similar event will be held in Brussels early next year.
Experts from both countries will meet later this year to set up organisational and governance structures for the project.