Brussels, 06/12/2018 – CISPE, the alliance of Cloud Infrastructure Services Providers in Europe, describes the European Council’s proposal as “technically unworkable and targeting the wrong actors”. CISPE is urging the European Parliament to clarify the proposed rules and to make them fit for purpose and consistent with the GDPR privacy protections enacted barely six months ago.

The Regulation will obligate cloud infrastructure providers to proactively scan, filter and remove data, covering all enterprise and government data running across cloud infrastructure services. CISPE maintains this cannot be the intention of the legislator and so this needs to be clarified in the Regulation, which targets the wrong players. It is technically impossible for cloud infrastructure to deliver what is requested.

“CISPE companies already co-operate fully with the authorities in fighting terrorist content,” says Alban Schmutz, CISPE Chairman and VP Strategic Development & Public Affairs, OVH. “The rules adopted today are designed for online content sharing services like social media and content sharing platforms that can access, monitor data and content made available by their end-users. Even if the automated proactive measures (Article 6) contemplated in the Regulation were to be developed in the future, they would require cloud infrastructure providers to proactively ‘snoop’ on all customers – imposing blanket scanning, filtering and data removal obligations”.

CISPE urges European legislators to clarify the scope of the Regulation to include rules that are clear, workable and proportionate, and do not put the entire cloud infrastructure sector in Europe at risk.

Download full press release