The EU’s privacy watchdog, the European Data Protection Commission (EDPB), has conducted joint investigations with 22 national regulators into the use of cloud services in the public sector.
More than 80 public authorities from across the European Economic Area (EEA) will be investigated, covering areas ranging from health, education to taxation and finance, to ensure compliance with privacy protections.
Plans to target public sector cloud services were announced last October, but February 15 marked the start of national action.
An EDPB spokesman said: “Intensive preparatory work has been underway since October and the EDPB is currently taking action at the national level. In particular, national watchdogs will study the safeguards taken when purchasing cloud services, including issues related to international money transfers. ”
The move comes as U.S. cloud companies such as AWS, Microsoft Azure, Google Cloud and Oracle are vying for market share in the European data center market.
Combined with the acceleration of digital transformation brought about by the COVID-19 pandemic, EDPB is concerned that data protection rules may have been ignored in a hurry to facilitate customers as quickly as possible.
The European Union requires all companies that process or control the personal information of EU residents to be held accountable to its General Data Protection Regulation, which came into force in 2016.
When it comes to major U.S. cloud providers, the EU is concerned about the amount of authority the U.S. government has in monitoring these entities and how the government can target EU citizens.
The inquiry is expected to last most of 2022, with a “status of operations” report to be published before the end of the year.