Objectives of the report:

Many professionals working in IT will by now have heard of the CLOUD act, but far fewer are really clear about what it means for them, their customers and their end-users. The joint purposes of this report are to:

  • clarify the implications of the CLOUD act for cloud services use to IT users and IT suppliers
  • suggest potential approaches to enable organizations to enjoy the benefits of cloud services while adhering to typical European privacy requirements



teknowlogy’s Analysis

  • Management summary
  • teknowlogy’s opinion
  • teknowlogy’s recommendations

What is the CLOUD Act?

Background and Market Context

  • Dominance in Europe of US cloud computing providers
  • Emerging anti-globalist sentiment in European markets
  • Data privacy within Europe
  • GDPR limitations on transfer of personal data from the EU and EFTA to other locations

Implications for the EU and EFTA Markets

  • IT and communications service provider perspective for EU and EFTA
  • IT user perspective for EU and EFTA

Implications for the UK Market

  • The US-UK Bilateral Data Access Agreement
  • IT and communications service provider perspective for UK
  • IT user perspective for UK

Ecosystem Positioning

  • US-domiciled cloud vendors' positions
  • EU- and EFTA-domiciled cloud vendors' positions
  • UK-domiciled cloud vendors' positions

CLOUD-Act Equivalents in Other Markets

  • EU Rules for E-Evidence
  • The Cybersecurity Law in China

What to Do About the CLOUD Act and Equivalents

  • Be clear what you’re protecting and why
  • Be clear what you’re protecting against
  • Choose partners with due consideration to their locations
  • Remember that data access requests are inescapable
  • Consider how you use encryption