I’ve written before on questions about the security and privacy of cloud computing services (where you upload, store and access your data at an online service owned or operated by others), including what country’s laws apply to access of the data. Recently, Bloomberg News reported that Deutsche Telekom sought protection from U.S. laws, including the USA PATRIOT Act, for its data in the cloud.
Now, ZDNet reports that the Netherlands also wants to protect its government data from U.S. laws, and this will affect U.S. cloud services providers:
The Dutch government is to “basically […] exclude” U.S. cloud providers from government IT contracts amid concerns of the reach of the Patriot Act in Europe.
To prevent sensitive citizen data from being compromised by U.S. authorities, the move to bar U.S. companies from providing cloud-based services and data processing capabilities is only a temporary measure until the European Commission changes the data protection laws.
Discussed by the European Parliament’s Privacy Platform earlier this month, the Patriot Act is being investigated by European authorities, after Gordon Frazer, managing director of Microsoft UK, exclusively told ZDNet that the Redmond-based company must comply with Patriot Act requests, and other companies with a U.S. presence must do also. […]
In a written answer to a parliamentary question, Dutch minister Ivo Opstelten asserted that, in response to previous questions (Dutch): “This basically means that companies from the United States in such bids and contracts are excluded.”
Opstelten admitted that while the Dutch government is “experimenting with Google Docs and Dropbox”, though data is believed to be stored on Dutch territory, it is unknown whether they are managed by U.S. companies.
However, “taking into account the possible consequences of the application of foreign law”, the minister said that steps would be taken to prevent U.S. cloud service providers or supplier would be “excluded” from contracts handling government or citizen data.