The European Union has launched enforcement action focused on public sector bodies’ use of cloud services.
More than 80 public bodies in a wide range of sectors, including health, finance, tax, education and IT service supply and procurement, are to face local data protection authorities.
The actions will likely range from fact-finding exercises and questionnaires to formal investigations if privacy concerns are identified.
A spokesperson for the European Data Protection Board (EDPB) said the exercise would take the best part of this year, with a ‘state of play’ report slated to be published before the end of 2022.
“In 2021, EDPB members examined a list of possible options for the first coordinated enforcement framework (CEF) action,” the spokesperson said.
“They prioritised the use of cloud services by Public Services,” they said.
“This was a collective choice.
“Individual members may have prioritised this topic for various reasons, including the fact that they have already launched some work on that topic, or that they were planning to do so in the near future.”
The spokesperson said the goal of the CEF was to harmonise the approach taken by individual supervisory authorities to ensure a more consistent application of the EU data protection laws.
Last year the European Data Protection Supervisor opened an investigation of contracts between EU institutions and United States cloud giants, AWS and Microsoft, as part of its oversight of their compliance with the bloc’s data protection rules.
Brussels, 18 February 2022