The EU’s privacy watchdog, the European Data Protection Board (EDPB), has launched joint investigations with 22 national regulators into public sector usage of cloud services.
More than 80 public bodies from across the European Economic Area (EEA) will be investigated, covering sectors from health and education to tax and finance, to ensure compliance with privacy safeguards.
Plans to target public sector cloud services were announced last October, but 15 February marked the beginning of national action.
An EDPB spokesperson said: “Intense preparatory work has been done since October and the EDPB is now implementing the actions at national level. National supervisory authorities will study, in particular, the safeguards implemented when acquiring cloud services, including issues relating to international transfers.”
The move comes as US cloud computing companies such as AWS, Microsoft Azure, Google Cloud, and Oracle have been scrambling for market share in the European data centre market.
Combined with the acceleration of digital transformation brought about by the COVID-19 pandemic, the EDPB is concerned that data protection rules may have been foregone in the rush to facilitate clients as quickly as possible.
The European Union holds all companies who process or control EU residents’ personal information accountable to its General Data Protection Regulation, which came into force in 2016.
When it comes to the large US cloud providers, the EU is concerned by the amount of jurisdiction the US government has in terms of surveillance over these entities and how it could target EU citizens.
The investigation is expected to take up most of 2022, with a “state of play” report set to be published before the year’s end.