Note on the GDPR and US-based cloud servers

9 Pages Posted: 10 Jul 2023

See all articles by Douwe Korff

Douwe Korff

Oxford Martin School - Global Cyber Capacity Centre; Eur. Univ. Viadrina - Centre for Internet & Human Rights; Yale University - Information Society Project; London Metropolitan University

Date Written: November 1, 2021

Abstract

Serious concerns have been raised about the use of US-based clouds and the risk of US intelligence agencies having undue access to data transferred to any US cloud from the EU (or directly accessed – hacked into – by US agencies, even while still in the EU/EEA or while in transit: such direct access is regarded by the EDPB as also constituting, or involving, a data transfer). These concerns also extend to the use of servers in the EU that are managed by subsidiaries of US companies.

The note discusses a number of cases in France, the Netherlands and Germany in which these issues have been addressed, concluding that "the legality of the use of US cloud servers and -solutions remains problematic, at least if the personal data on those servers or processed in the context of the use of those solutions must be available there 'in the clear'”.

Keywords: data protection, EU, GDPR, surveillance, cloud servers

JEL Classification: K19, K29

Suggested Citation

Korff, Douwe, Note on the GDPR and US-based cloud servers (November 1, 2021). Available at SSRN: https://ssrn.com/abstract=4495293 or http://dx.doi.org/10.2139/ssrn.4495293

Douwe Korff (Contact Author)

Oxford Martin School - Global Cyber Capacity Centre ( email )

University of Oxford
34 Broad Street
Oxford, OX1 3BD
United Kingdom

Eur. Univ. Viadrina - Centre for Internet & Human Rights ( email )

Grosse Scharrnstr. 59
Frankfurt (Oder), Brandenburg 15230
Germany

Yale University - Information Society Project ( email )

P.O. Box 208206
New Haven, CT 06520-8206
United States

London Metropolitan University ( email )

London
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
22
Abstract Views
156
PlumX Metrics