With the US judge ruling against Google, will GDPR force European companies to leave the cloud?

You may have heard that the US federal Judge Thomas Rueter has ruled against Google in their refusal to seize personal emails of one of their customer to the FBI based on the fact that these data were stored in an European Data Center.

While in 2016, in a case against Microsoft, a federal judge ruled that US investigators could not force the company to hand over emails stored on a server in Europe (Dublin in that specific case).

Of course, there is much more at stake here than just access to one customer’s email. There is billions of dollars at stake here. Most companies and individuals in Europe are moving their data to the cloud. The biggest cloud services suppliers in the world are American based companies (Amazon, IBM, Google and Microsoft representing together around 50% of the market) and a large number of European companies are outsourcing their services to these vendors. However, the GDPR (the European General Data Protection Regulation, see also Wikipedia for an overview) requires a strong protection of our personal data (including our emails). As US and EU aren’t totally aligned on this matter, most European companies requires their cloud providers to store and process their data in European Data Centers in order to guarantee the European regulation will be enforced.

And now, this new ruling might jeopardize all that (or at least be the start of it). If the sole fact of having an American based company as a supplier can allow US to bypass the GDPR, would European companies still be allowed to use them to store personal data? Would we see European companies and individuals leaving Gmail, Google apps, AWS, Outlook and other related US based services for European based and owned companies? It would be a big mess… and maybe a huge opportunity for some European challengers.

TO BE CONTINUED…