- American hyperscalers are subject to US cloud legislation, which runs contrary to Swiss standards
- Privatim is committed to true E2EE and greater transparency throughout the chain
- US hyperscalers are acceptable if customers can encrypt their data
Swiss data protection officials have warned government agencies against using cloud services from the industry hyperscalers Microsoft, Amazon and Google because of the lack of true end-to-end encryption.
Many SaaS providers, especially those covered by the US CLOUD Act, can be forced to transfer data to US authorities even if it is stored in Switzerland.
Cloud providers have also been criticized for not providing enough transparency to verify security, and “long chains of third-party service providers” make data security even more difficult.
Switzerland warns against the use of Microsoft 365, AWS and Google Cloud
Privatim, the conference of Swiss data protection supervisory authorities, also warned that the use of SaaS means a significant loss of control for public authorities and that they cannot influence the risks to citizens’ fundamental rights.
Ultimately, Privatim says international SaaS providers should not be used for highly sensitive or confidential data unless the government can encrypt the data itself and the provider does not have access to the keys.
Switzerland is already known for its strict data protection laws, and a review of Swiss data protection legislation in September 2023 will add further requirements for cross-border data disclosure and much more.
The US CLOUD Act violates Swiss data protection and sovereignty standards, in part because even data stored in a Swiss region is not protected from it.
Despite this latest warning, Switzerland already has its own alternative to Big Tech. Proton quickly gained a reputation for providing strong security: the company does not have access to user data, even when required by law.
In addition to using Swiss and European infrastructure and complying with Swiss law, Proton also offers client-side encryption (CSE) and open source code for parties that do not need protection.
With three US hyperscalers representing around two-thirds of the cloud market, finding a suitable and compatible alternative is not only slightly more difficult, but also presents significant growth opportunities for these companies if European data protection trends continue.
