German government US authorities have access to EU cloud data (heise.de) (www.heise.de)

A recently released legal assessment from the University of Cologne, commissioned by the German Interior Ministry, reveals that U.S. authorities have significant access to cloud data stored in European data centers. This report highlights critical concerns regarding digital sovereignty in Europe, revealing that U.S. laws, such as the Stored Communications Act and the Foreign Intelligence Surveillance Act, empower U.S. agencies to compel cloud providers to release data regardless of its physical location. Consequently, U.S. jurisdiction extends to not only American companies but also affects European firms with ties to the U.S., presenting a serious risk of data access across the European market. The findings underline the complicated legal landscape faced by cloud service providers, emphasizing that even technical measures like encryption do not exempt companies from compliance with U.S. data requests. Despite the European General Data Protection Regulation (GDPR) allowing authorities to block such disclosures, the assessment calls for the development of robust European alternatives to enhance digital sovereignty. While some legal experts maintain that using services like Microsoft 365 can still be compliant with data protection laws, the overarching challenges posed by U.S. extraterritorial jurisdiction require businesses to remain vigilant in their compliance strategies, potentially needing to carry out data protection impact assessments in high-risk scenarios.