- 17-12-21Wij werken gewoon thuis door
- 05-11-21Mond- en neusmasker vanaf 6 november bij BIT verplicht
- 14-10-21Nationale Datacenter Dag 9 november 2021
- 12-10-21Plaatsing nieuwe drycooler voor BIT-2A
- 03-08-21Wegwerkzaamheden BIT-2 van 16 aug tot en met 25 sep
- 23-07-21DDoS aanvallen naar BIT infra
- 25-06-21Mond- en neusmasker niet meer verplicht bij BIT
- 14-04-21Untangle haalt de complexiteit uit netwerkbeveiliging
- 03-03-21Vacature Netwerk Engineer
- 02-03-21Update RFO netwerk incident 17 februari 2021
AVG: Dutch CIOs vs. US cloud providers
An article recently appeared on fd.nl in which the chairman and director of the CIO Platform Nederland indicates that their members are unable to comply with the privacy law because their cloud suppliers do not comply with the GDPR. 130 Chief Information Officers from the largest Dutch companies and institutions have united in the CIO Platform. According to the article, the cloud suppliers these 130 organizations do business with are Google, Amazon and Microsoft. The CIOs believe that it is not they who are to blame for their non-compliance with the GDPR, but that their cloud providers are. But is that really the case or can an important part of the blame be found looking in the mirror?
It cannot come as a surprise that American tech companies have different ethics in the field of privacy and personal data than we do in Europe. We have known for at least ten years that Google and privacy does not mix well, haven't we? It is well known that privacy is a complicated topic for an advertising company. We also all know about the privacy scandals Amazon has faced. The members of the CIO Platform will probably have asked their voice assistant the question: "Alexa, are you invading my privacy?".
Personal data customers
You can expect companies that have made a business model of the sale and analysis of personal data that they have the same attitude towards personal data within other branches of the company. Nevertheless, the CIOs of the largest Dutch organizations choose to entrust these IT companies with the personal data of their employees and customers. Incidentally, without informing those customers (and presumably also without informing the employees) that they have their personal data processed by a company that they know does not comply with the privacy law.
The CIOs complain that they are not in a good bargaining position with the three US hyperscalers, but no one is forcing them to do business with these parties. Vote with your wallet, dear CIOs. The 130 members of the Platform have a combined turnover of several tens of billions of euros, if not more. If Amazon, Google and Microsoft turn their noses up at that, then there are all kinds of European cloud suppliers who want to be of service to these 130, who do care about the GDPR and where they do have a say in the processing agreement.
However, the director of the Platform believes that voting with your wallet is 'extremely expensive and time-consuming'. It sure is, if you want to get out of the hyperscaler ecosystem, but that too should come as no surprise. Undoubtedly, many of the 130 were warned of vendor lock-in when they were about to sign the contract for their cloud services. They have been warned about the unclear pricing mechanisms that Microsoft and Amazon utilize. Someone told them it's cheap to bring data into those clouds, but it's extremely expensive to get data out of them. They've heard of Amazon's tech tricks to prevent you from exporting your data to a competing service.
European tech industry
Shifting the responsibility for compliance with the GDPR to the AP and competition authorities, as is done in the FD article, is too easy. Government bodies do have a role to play in this, as do cloud suppliers. But also the customers of those cloud suppliers, because those customers ultimately determine with their wallets whether they continue to depend on American hyperscalers or whether they give the European tech industry a chance.
By: Wido Potters