Cloud Act - power, coercion and resistance

Feel free to Share this Article:

Sparkler in front of an American flag

Author: Ueli Schwegler

Category: Data security / Cloud

January 24, 2019

Last year, the US pulled a new law out of its hat and demonstrated its power. With the Cloud Act, they want to enforce their data law worldwide. The new law is supposed to force the surrender of data. The location of the server no longer plays a role. No matter if the server is located in Switzerland, Holland, UK or the USA. Only a vaguely defined "US connection" of the provider must exist so that the US authorities can take the direct route to the data of the companies. The previous mutual legal assistance route to obtain such information is thus undermined.


To prevent such scenarios, several experts recommend that Switzerland enter into negotiations with the USA to define the rules of the game. The current situation leaves a great deal to be desired. Because the current situation leaves a lot open and an agreement is urgently needed to ensure regulated procedures. If this does not happen, the US authorities will more or less arbitrarily make use of the leeway provided by the Cloud Act. This will also affect Swiss companies that can be proven to have US connections. And this proof seems to be quite simple, it is sufficient, for example, if a Swiss cloud provider advertises its services in the USA.

Microsoft is resisting...

Or rather, Microsoft is trying to fight back. As the first cloud provider directly affected by the new law, Microsoft decided to fight back. They set six principles for sharing cloud data with government organizations. The aim is to restrict the access of security authorities and strengthen the rights of cloud providers and users. Further, talks for an "agreement for international data retrieval" are now to be pushed forward, but the support of other large cloud providers such as Amazon or Google is missing. Data requests to US companies, meanwhile, appear set to continue rising in 2020, according to the report from Data Protection Notes

Is my provider affected by the Cloud Act?

It is questionable whether the efforts of Microsoft will bear fruit. The compiled principles may make one sit up and take notice, but that will hardly stop the US authorities from applying the new law. To be honest, marketing such principles is all well and good. However, in my opinion they are rather nice marketing phrases to contain the possible panic in the EU area. And so there is another important criterion when choosing a cloud provider:

How is my cloud provider affected by the Cloud Act? And what impact can it have on my business?

Contact us for more information and help in choosing the right solution for your future IT infrastructure.



Ueli Schwegler

Newsletter abonnieren!

Verpasst keine unserer IT-Blogs und erfahrt alserste über Neuigkeiten oder Angebote von Xelon.

Related News

Business IT infrastructure Cloud

New year, new server concept? Cloud computing continues to be an upward trend and helps IT service...

February 8, 2021

2 mins read

Business Cloud

Instead of operating time-consuming and costly workstations for computer-aided design, companies...

July 14, 2020

2 mins read

Data security Cyber-Security

Many companies take years to recover from the consequences of hacks and data thefts, as customer...

January 16, 2021

4 mins read

IT infrastructure Cloud

Just today it was all over the news portals: In a Swisscom glitch, cloud data from several hundred...

July 12, 2019

1 mins read