* Posts by Secon

2 posts • joined 23 Nov 2020

UK government puts £750m on the table as it looks to deal directly with cloud providers

Secon

Whilst the first part of that might appear to favour AWS:

"The government only wants bids from providers with "full and exclusive control" of the infrastructure that underpins their platforms"

The latter part rules out just about every hyper cloud player "which are capable of providing the services primarily from within the UK".

This is potentially just as well IF the UK want to retain any alignment with Europe (but perhaps not if they don't?

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

Secon

Re: What about Office Suites?

It is often assumed that because you seect a UK/EEA region in a cloud provider that your data stays there.

Sadly this is not the case, and even if it were the physical location of data is less important than you may assume.

The Microsoft Terms if Service very clearly state that they can move your data internationally including to countries that do not meet EU requirements for data protection; the systems are in part administrated from outside of EEA and some if the core services within the M365 stack are only available outside of EEA (and your data moves there for processing).

Finally the extra-territoriality of some US legislation means that even if none of the above were true your data is still exposed to disclosure to US authorities.

I’m sorry to say therefore that your assumptions around residency and data protection are quite wrong - though you are correct that for some sectors at least the rules of Data Protection shall change again in January, but sadly these shall become MORE complex, not less.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021