CNIL Demands Enhanced Data Protection
The French National Council of Computer Sciences and Liberties (CNIL) has raised significant concerns about the EU’s draft cloud certification scheme, known as EUCS. The CNIL has criticized the scheme for lacking sufficient data protection measures, particularly against unauthorized access by foreign powers. This criticism adds to ongoing French government concerns about the scheme’s effectiveness and its history of delays.
Current Shortcomings Highlighted
According to CNIL, the existing draft of the EUCS fails to provide adequate safeguards for sensitive data, such as healthcare, criminal, and child-related information. The French data protection authority argues that the certification needs stronger privacy guarantees to ensure that such critical information remains secure from external access.
Political Disputes and Delays
The EUCS has been mired in political disputes, particularly regarding sovereignty requirements. France initially sought to restrict the certification to EU-based cloud providers for the highest security standards, aiming to align more closely with its national cloud certification, SecNumCloud. However, this proposal faced strong opposition from other EU countries and major industry players, including American giants like AWS and Microsoft, leading to a stalemate.
Ongoing Certification Challenges
The European Cybersecurity Certification Group, tasked with developing the certification scheme, is still awaiting guidance from the European Commission on whether additional sovereignty rules can be applied. The planned meeting to finalize the draft, originally set for mid-July, has been postponed with no new date scheduled. This delay jeopardizes the chances of reaching an agreement before the current Commission’s term ends in October.
Progress on Other Certifications
Since the EUCS initiative began in 2019, only one of the proposed certifications has been approved, covering baseline ICT products. The certification for 5G technology remains in progress. The ongoing delays in finalizing the EUCS could further extend the timeline for implementing new privacy measures for cloud services.
SOURCE: Ref Image from The Reuters
Whether writing about complex technical topics or breaking news stories, my writing is always clear, concise, and engaging. My dedication to my craft and passion for storytelling have earned me a reputation as a highly respected article writer.