The crux of the issue? The US CLOUD Act, passed in 2018, allows US law enforcement to access data stored on servers controlled by American companies, regardless of where those servers are physically located. This includes Swiss tax records and other sensitive data entrusted to platforms like Microsoft and Amazon.
An increasing number of Swiss cantons and local councils are migrating their IT infrastructure to these US tech giants. Blonski contends that many of these migrations occur without a proper, comprehensive assessment of the potential data protection pitfalls.
What was once a cautious approach has given way to a seemingly uncritical adoption. “We’re seeing more and more organisations, at both cantonal and local level, using these products, often without giving it much thought beforehand,” Blonski stated, highlighting the growing complacency.
While storing non-sensitive data like names and addresses in US clouds might not raise immediate concerns, the picture changes drastically when dealing with more confidential information. Blonski emphasizes that foreign providers cannot guarantee the same level of protection as domestic solutions.
The potential consequences are stark. Authorities risk losing control over sensitive information, and those affected – the citizens whose data is compromised – often remain unaware and unable to defend themselves. This erosion of control undermines the very foundation of data protection and privacy.
Encryption as a Potential Shield
Blonski offers a pragmatic, albeit partial, solution: encryption. “If cantons and councils want to go down that route, they can encrypt sensitive data themselves first,” she suggests. By encrypting data before it leaves Swiss shores, authorities can at least make it significantly harder for unauthorized parties to access and decipher it.
However, she also makes it clear that encryption is not a silver bullet. “But ideally, those files should be stored somewhere more secure,” she adds, hinting at the need for more robust, sovereign data storage solutions within Switzerland’s own borders.
This warning comes amid broader concerns about Switzerland’s digital sovereignty, particularly in the realm of artificial intelligence. A related article, “Switzerland must not give in to the Big Tech narrative,” argues for greater independence from tech giants in AI development and deployment.
The challenge, as highlighted in “Switzerland’s uphill climb to AI sovereignty,” is balancing the benefits of readily available US cloud services with the imperative to protect sensitive data and maintain control over its digital destiny.
Blonski’s warning serves as a crucial reminder that convenience and cost-effectiveness should not overshadow fundamental principles of data protection and national sovereignty. As Switzerland continues its digital transformation, the choices it makes regarding data storage and processing will have profound implications for its security, privacy, and autonomy in the years to come.
