• Henry Park

Read the law


There was a recent article (see link) about the US Cloud Act (see link) which is premised upon this overstatement -- "U.S. companies are obliged to provide foreign data to U.S. authorities if asked".


Using this faulty premise, the director general of France's cybersecurity agency asserts that European data needs more protection. He said that for services such as health care and financial services, Europe needs "a rule that only European law is applicable on cloud products certified in Europe."


However, the US Cloud Act does not give carte blanche to US authorities to request any foreign data. It is applicable only to (1) Internet Service Providers (2) where a court has issued a criminal warrant and it (3) it only covers communications—not databases, documents, spreadsheets, or types of electronic documents.


Image by Balasoiu on Freepik.