New European law will start requiring cloud services, like Amazon and Microsoft, to set up safeguards against illegal data transfers to non-EU governments, as the EU continues to rein in US tech giants.
According to reports by Reuters, the European Commission’s Data Act, which is set to be published at the end of this month, will set out rights and obligations on the use of EU data such as smart machinery and consumer goods.
The Data Act goes a step further than current rules on the transfer of personal data outside the 27-country bloc by extending such restrictions to non-personal data.
“Concerns around unlawful access by non-EU/EEA governments have been raised. Such safeguards should further enhance trust in the data processing services that increasingly underpin the European data economy,” the EU document said,.
It said that providers of data processing services will have “to take all reasonable technical, legal and organisational measures to prevent such access that could potentially conflict with competing obligations to protect such data under EU law, unless strict conditions are met”.
EU concerns about data transfers have been growing since former US intelligence contractor Edward Snowden’s revelations in 2013 of mass US surveillance.
Europe’s top court in 2020 scrapped a transatlantic data transfer deal known as the Privacy Shield and relied on by thousands of companies for services ranging from cloud infrastructure to payroll and finance because of similar concerns. The EU and US have been working on a new pact ever since.