Why U.S. Software Companies Don’t Have to Protect Our Data

Flaws such as the CLOUD Act’s ability to undermine the Privacy Shield mean our data can be sent to U.S. authorities and companies

Since COVID-19, millions of people have been working from home. U.S. software providers such as Zoom and Skype are experiencing a boom thanks to a spike in videoconferencing. But what many people don’t know is that the Privacy Shield framework installed in 2016 offers no protection against U.S. companies spying on our personal data. In fact, the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a U.S. federal law enacted in 2018, legitimizes it.

The Problem With the CLOUD Act

The main problem is that the CLOUD Act mandates that U.S.-based software companies and IT service providers must guarantee authorities access to all stored data, even if that data is stored on European servers. What’s more, the legislation protects U.S. service providers against having to inform their customers that their data has ever been requested, even when the European companies involved exercise their right to object to the data transfer.

The U.S. government can also choose to share that data from European servers with other U.S. companies. This means that sensitive company information and research can be passed on to the competition. It’s essentially authorized spying.

Online Conferences a Risk Factor for Data

Of course, videoconferencing is the obvious risk factor for instances of data spying right now. Zoom, in particular, has been criticized recently. “Zoom is a US-based company with connections to China. Its call encryption methods are less than adequate, so we can safely assume third parties are able to decrypt intercepted data traffic,” said Andreas Czak from Epicenter Works, an Austria-based fundamental rights NGO with a focus on privacy and freedom of speech on the internet. “Contrary to the claim that end-to-end encryption is used, Zoom has access to all communicated content. If Zoom is used, you can’t rule out that content from conversations happening in the U.S. and China will be accessible to Zoom employees (and also to the secret services). So you shouldn’t use Zoom for confidential communication.”

There’s a reason why NASA and the space company SpaceX have already banned their employees from using Zoom.

Zoom is the Tip of the Iceberg

Frankly, Zoom is just the tip of the iceberg of all the other U.S.-based companies to which the flaw of the CLOUD Act applies. Even if the 2016 Privacy Shield framework should protect data on European servers from being spied on by the U.S. government, the CLOUD Act enacted two years later in 2018 commands exactly the opposite. For this reason, European users of all U.S. internet products must assume that their data can end up in the hands of U.S. companies without a court order.

Our privacy, company secrets and personal information are only secure with providers that have a European headquarters. Everyone should favor E.U. providers—on one hand, because of data protection, but on the other, to prevent new ideas and innovations from making it into the hands of large U.S. corporations. The CLOUD Act makes it possible for every good idea to be picked up in no time by U.S. competition.

Avatar photo

Robert E.G. Beens

Robert E.G. Beens is the CEO and co-founder of Startpage, and a recognized privacy expert and advocate. At Startpage, Beens oversees operations, product development, technology, and finance. Beens founded Startpage, formerly metasearch engine Ixquick, in 2006. The world’s first private search engine, Startpage was designed to give users more control and ownership over their data and the engine sees millions of searches per month. Based in the Netherlands, Beens has helped lead the global charge towards protecting consumer privacy. He was one of the first to understand the consequences of Big Tech data collection and profiteering on the Internet, and has built a profitable business without tracking, logging or sharing user search data.

robert-e-g-beens has 1 posts and counting.See all posts by robert-e-g-beens