GAIA-X vs the US CLOUD Act

What is GAIA-X?

GAIA-X is a project initiated by Europe for Europe and beyond. Its aim is to develop common requirements for a European data infrastructure with openness, transparency and the ability to connect to other European countries.

Background – US CLOUD Act

In March 2018, the US CLOUD (clarifying lawful overseas use of data) Act was signed into law, allowing US authorities to compel US-based technology companies offering electronic communication services or remote computing services to hand over personal data; it doesn’t even need to be stored in the US. It’s worth noting US law authorities can’t systematically harvest large amounts of data; they can only make targeted, individual requests and will still need a search warrant.

But still, the Act has the potential to impact European/UK civilians profoundly (their personal data could be shared with US authorities) and businesses which could be in danger of sinking into a legal quagmire.

How the Act impacts European/UK companies

Although the CLOUD Act is US legislation, European companies may be required under its provisions to submit information about non-US citizens directly to the US authorities. This conflicts with our own GDPR. A foreign judgment cannot unreservedly be considered grounds for personal data to be transferred; there are several legal ‘get out’ scenarios that can be adopted but companies offering Cloud services in the US are in a legal quandary: should they follow GDPR or The US CLOUD Act?

The need for a new European cloud

American companies such as Google, Microsoft and Amazon dominate the Cloud market at the moment. Europeans are justifiably concerned that by using their services, they fall within this US legislation, and it could become even more stringent in the future. It doesn’t offer the levels of personal data protection GDPR does.

For example, the Dutch Government carried out a data protection impact assessment on their own Microsoft Azure services, concluding the collection, storage and use of data was not GDPR-compliant. This was only remedied when they challenged Microsoft who agreed to some supplementary terms. Microsoft has made these forced changes available worldwide now.

GAIA-X – building a protected future

An open digital ecosystem is needed to enable European companies and business models to compete globally. This ecosystem should allow both the digital sovereignty of Cloud services users and the scalability of European Cloud providers.

GAIA-X connects centralised and decentralised infrastructures to turn them into a homogeneous, user-friendly system. The resulting federated form of data infrastructure will strengthen the ability to both access and share data securely and confidently.

In September 2020, 22 companies and organisations (11 from Germany and 11 from France) signed the notarial founding documents to establish the international non-profit association AISBL. A further 200 companies and research organisations around the world applied to join the association in early January 2021. The set-up process is still ongoing and once legally established, further members will be admitted.

Click here to watch AISBL explain its objectives:

Leave a Reply

Your email address will not be published. Required fields are marked *

Get in touch

We'd love to hear from you. Just give us a call or send an email.