Swiss Data Protection Group Says US Cloud Giants Can't Meet Privacy Standards

Lack of end-to-end encryption makes international cloud services unsuitable, privatim says.

The cloud computing space is dominated by a handful of Big Tech players. Amazon Web Services, Microsoft Azure, and Google Cloud together control a large portion of the global cloud market.

These hyperscalers have built their empires on data. The more information flows through their systems, the more valuable their platforms become. This business model creates an exploitative relationship where people's privacy is traded for cheap prices.

Switzerland's data protection authorities have now drawn a line (in German). On November 18, privatim passed a resolution calling on Swiss government agencies to reconsider their use of international cloud services for handling sensitive data.

Outsourcing of Personal Data is Not Okay

Before you ask, privatim is the Conference of Swiss Data Protection Officers. It brings together data protection authorities from across Switzerland. Do keep in mind that the group's resolutions are not laws, but government agencies typically follow them.

The group's position is clear. Outsourcing sensitive or legally confidential personal data to international SaaS solutions (read: the cloud service providers) is unacceptable in most cases. This applies particularly to services from large providers like Microsoft 365.

They outline that public bodies have a special responsibility for citizen data. When they outsource data processing to third parties, data protection and information security must remain intact. The resolution argues that current cloud services fail to meet these standards.

privatim identified five critical problems with international cloud providers:

  • Most SaaS solutions lack true end-to-end encryption.
  • Global companies offer insufficient transparency for compliance verification.
  • Cloud services create a significant loss of control over data.
  • Legal uncertainty exists for data under confidentiality obligations.
  • The US CLOUD Act allows data access regardless of storage location.

They concluded their resolution by calling for international SaaS solutions to be used only if government agencies encrypt the data themselves. The cloud provider must have no access to the encryption keys.

This requirement effectively rules out most current cloud services for government use.

About the author
Sourav Rudra

A nerd with a passion for open source software, custom PC builds, motorsports, and exploring the endless possibilities of this world.
