EU launches investigation over use of cloud services by public sector
The EDPB said the probe will cover over 80 public bodies across the European Economic Area (EEA), including EU institutions, in sectors such as health, tax, finance, education, and providers of IT services.
The public bodies explored will be subject to fact-finding exercises, questionnaires, and even formal investigations if privacy concerns are identified.
The investigation follows the EDPB’s October 2020 announcement that it was setting up a ‘Coordinated Enforcement Framework’ (CEF) which aims to streamline enforcement and cooperation among supervisory authorities.
A Supervisory Authority (SA) is responsible for administering Data Protection Laws under the EU. The SA will focus most on public bodies’ challenges with General Data Protection Regulation (GDPR) compliance when using cloud-based services, such as the process and safeguards implemented when taking on cloud services, challenges with international transfers, and the provisions governing the controller-processor relationship.
According to EuroStat, cloud uptake by enterprises doubled across the EU in the last six years. The COVID-19 pandemic has only boosted digital transformation of organisations with many public sector organisations turning to cloud technology.
This digital transformation raises concerns to public sector organisations in that they may face difficulties in installing products and services that comply with EU data protection rules.
The SA’s aim to give guidance and take action to promote best practices and ensure that the protection of personal data complies with the rules.
US cloud computing companies such as Amazon’s AWS, Alphabet’s Google, Oracle, and Microsoft’s Azure have been building data centres across Europe in response to growing demand from private and public sector organisations.
The report on the outcome of the investigation is said to be published by the Board before the end of 2022.
Subscribe to our Editor's weekly newsletter