This article is aimed primarily at buyers of cloud services within the public sector.
What is the Cloud Act?
The Cloud Act is an update and clarification of an American law from 1986, the Stored Communications Act (“SCA”). A law that addressed the right of law enforcement agencies to gain access to electronic communications.
Can American authorities request our data?
Yes, the law gives law enforcement agencies this ability, but only in certain cases and with significant limitations. There are many misconceptions that the Cloud Act gives authorities in the United States free access to data stored in Europe.
The Cloud Act does not give law enforcement agencies free access to data stored in the cloud. Legislators in the United States can only compel service providers to provide data if they meet the strict criteria of a warrant issued by an American court.
The ability to request data has attracted a lot of attention, but it is important to remember that most countries in the world make use of the ability to request data from other countries if needed, first and foremost for law enforcement. The Cloud Act differs very little in this way from legislation in Europe.
How does the Cloud Act affect Kundo?
Like almost all other cloud services, Kundo uses some American suppliers for some of our data storage.
The supplier that handles the largest quantity of data is Amazon Web Services (AWS). AWS is one of the world’s two largest players in this field and works actively to ensure its compliance with various laws and regulations, while protecting its customers’ privacy. AWS provides useful general information about the CLOUD Act on this page.
How can we use Kundo despite the Cloud Act?
The key factor in the issue of whether you can use a cloud service for your data is how sensitive that data is and whether it is in fact confidential. So assess whether the service will handle confidential information or not.
For example, the Kundo Forum service primarily handles public information and no confidential data whatsoever should be saved there. Were such information to be published in the forum, then it should be screened.
You can specify a screening period for information in all Kundo’s modules to ensure that personal data is cleared automatically within a certain time.
With the right setup and the right choice of modules you can avoid having to handle confidential information in Kundo.
eSam has also produced a checklist for use of cloud services in the public sector.