European organizations are concerned about the approximations of the European Union Cybersecurity Scheme for Cloud Services

« It is essential that the European Data Certification Scheme does not endanger the high standards of data protection we have established in Europe. »

After Cigref’s alert on digital sovereignty in the face of extraterritorial laws, and in anticipation of an extended Foreign Intelligence Surveillance Act (FISA) – which would allow the United States to access European Data – it is now the turn of the European Data Protection Board (EDPB) to call on the European Union Cybersecurity Agency (ENISA) to address the risks involved.

One crucial question remains : will the EUCS currently being established be compliant with the RGPD ?

Cigref’s concerns over digital sovereignty

In April this year, Cigref members, representing the largest French companies and administrations that use digital solutions, expressed their concerns about the potential implications of the European Data Certification Scheme (EUCS) for Europe’s digital sovereignty. They are particularly concerned about the impact of extraterritorial laws, such as FISA, which could compromise the security and confidentiality of European citizens’ data.

The European Data Protection Board (EDPB) calls for more clarity

The European Data Protection Board (EDPB) has now voiced its concerns by directly addressing ENISA. The EDPB stresses the importance of ensuring that any certification scheme for cloud services is strictly aligned with the requirements of the RGPD, in order to protect the fundamental rights of individuals with regard to personal data.

The Open Internet Project (OIP) joins the initiative

The Open Internet Project (OIP), an organisation dedicated to the defense of an open and faire Internet, fully supports this initiative. OIP shares concerts expressed by Cigref and the EDPB regarding the protection of European citizens’ data. The organisation calls for increased vigilance to ensure that the new certifications do not weaken existing data protection standards within the European Union.

« It is essential that the European Data Certification Scheme does not endanger the high standards of data protection we have established in Europe. We call on ENISA to review the current project and ensure full compliance with the RGPD. »
says Quentin Adam
President of the OIP
« We applaud the vigilance and the approach of the EDPB, fully committed to ensuring that the data protection rights of European citizens are respected and protected. The European Data Certification Scheme must reflect this priority. OIP supports this initiative to ensure that European citizens' data remains secure and confidential. We call on ENISA to act accordingly. »
adds Quentin Adam
President of the OIP

As previously offered to Cigref, the Open Internet Project is proposing that EDPB members work together with OIP to structure an end-to-end secure digital offering that meets the highest security requirements guaranteed for the most sensitive data. The aim is to ensure that a robust and reliable industrial response can meet the expectations of businesses, administrations and citizens .

Contacts:

Léonidas Kalogeropoulos, Managing Director : +33607315126 –  l.k@openinternetproject.eu

Lucie Lebret, Project Manager : +33757503010 – lucie.lebret@mediation-arguments.com

26, rue de l’Université • 75007 Paris
+33 (0)1 53 45 91 91