Amazon released new transparency data this weekend in its bi-annual transparency report, citing a record number of international government data demands in the second half of 2020.
According to the report, Amazon processed 27,664 government demands for user data, which includes data on customer shopping searches as well as data from Amazon Echo and Ring devices. The report shows an 800% spike in requests, up from only 3,222 data demands in the first six months of 2020.
Of the government requests, Germany made 42% of all requests, followed by Spain (18%) and the U.S. (11%).
Key Players Are U.S.-Based Cloud Companies
In the wake of COVID-19, governments and businesses alike increasing use of cloud technology and services. Cloud services offer many advantages, from accessing your company’s files or email from anywhere to purchasing applications and software ‘on demand’ in lieu of needing to purchase expensive individual software or hardware packages. Companies like Google, Oracle, Microsoft, Amazon, and IBM are constantly developing new technologies to sync the world into a convenient, communal virtual workplace.
European Regulators Express Concern Over Lack of Exclusive Privacy Jurisdiction
Many non-U.S. regulators, however, have concerns that U.S. cloud companies like Google, Oracle, Microsoft, Amazon, and IBM are not exclusively subject to European data protection law, such as the General Data Protection Regulation 2016/679 (“GDPR”), a regulation in European law on data protection and privacy in the European Union and the European Economic Area. U.S.-based cloud companies are also subject in the U.S. to the Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”), which amends the Stored Communications Act of 1986 allowing federal law enforcement agencies to compel U.S.-based cloud companies to issue warrants or subpoenas to request stored data regardless of whether the data is stored on U.S. or foreign soil.
The Amazon report does not comment on the cause of the sharp rise in government information demands, however, German government authorities have expressed increasing concerns over the storage of sensitive data with U.S.-based cloud providers, citing concerns of a lack of exclusive jurisdiction and Europe’s dependency on U.S.-based cloud companies.
European Privacy Dependency on U.S. Cloud Providers
While foreign governments may be making more use of cloud technology and services, Europe is still heavily dependent on U.S.-based cloud companies to do so. Take, for example, the German Federal Police using Motorola devices and Amazon services to store bodycam footage in the absence of a European cloud provider alternative, because Amazon was the only company in Germany with a certificate from the Federal Office for Information Security. According to research conducted by the think tank Ceps, approximately 90 percent of the world’s Western data is stored in U.S.-based data centers.
Meanwhile in the U.S., Ring, the video doorbell and home security startup company that Amazon purchased for $1 billion, now has 2,000 law enforcement partners, allowing police departments across the United States to access homeowners’ doorbell camera footage.
If you have questions about developing or updating your company’s cybersecurity standards, legal guidelines, and/or compliance programs, call The Law Offices of Angela C. Schulz, PLLC today at 704-755-5254 or email firstname.lastname@example.org to schedule an initial consultation.
About the Author:
Angela Schulz is the Managing Attorney of The Law Offices of Angela C. Schulz, PLLC in North Carolina and practices data protection and information technology law. She practices corporate law for U.S.-based SMEs, serving the international needs of clients and negotiates domestic and cross-border transactional matters in a variety of industries, including technology, hospitality, pharmaceutical, healthcare, financial services, biotechnology, real estate, and energy infrastructure.