For European cloud users, there is an unsolved, if not unsolvable problem: who owns the data when it matters? While in the European Union there is a demanding set of rules for the protection of personal data in the form of the Basic Data Protection Regulation, and in Switzerland there are comparable principles, in the USA the Cloud Act is the opposite. According to the Act, US authorities can demand that US cloud providers surrender data that they have actually hosted on behalf of their customers in the event of suspicion. This also applies if these data are stored on a server in Europe and therefore not on the territory of the United States. In the event of a case, Google, Amazon or Microsoft would have to do exactly what European law forbids them to do: hand over critical customer data to the US authorities!
Many mid-sized companies don’t feel comfortable with the idea that their data is not stored on a server in their own country. Microsoft, for example, has now opened two data center regions each in Germany (Berlin and Frankfurt) and Switzerland (Geneva and Zurich) and has already established well-known users there in the form of Deutsche Telekom, SAP, UBS and City of Zug. The server farms are called “regions” because they are distributed across several locations in the region and are thus additionally protected against attacks from outside.
While offers like these give the good feeling that the data is now stored in Germany and Switzerland, they still do not provide protection against the US Cloud Act. The only thing that helps is to choose a local provider. However, their equipment is often less advanced than that of Amazon Web Services and Microsoft Azure, for example. A vicious circle.