Cybersecurity Politics Regional

80 European public agencies will be investigated to ensure compliance with data protection standards

Some of Belgium’s biggest public institutions will be the subject of an investigation in order to ensure their storage of personal data is in compliance with the General Data Protection Regulation (GDR) standards of Europe.

A coordinated action from 22 data protection authorities will investigate 80 public institutions in Europe, Le Soir reports.

In Belgium, the investigation will focus on Smals, the non-profit organisation which, although private, provides a cloud hosting service for many public organisations, along with five organisations that process large volumes of health data and played a crucial role in the context of the coronavirus crisis, including Sciensano, Cocom (Joint Community Commission) and Aviq (Quality Life Agency).

“This is the first coordinated enforcement action by all regulators,” said David Stevens, chairman of the Belgian Data Protection Authority (DPA).

Particular attention will be paid to agencies’ use of the cloud, meaning remote servers accessible via the internet wherein data is stored for future retrieval.

Use of the cloud has doubled over the past six years in the European Union, according to Eurostat, and the Covid-19 pandemic has further accelerated the phenomenon by forcing many companies to utilise the technology as their employees switch to remote working.

Public organisations are among those subject to the trend because they have had to deal with a massive volume of data, a lot of which is sensitive, such as in the case of Sciensano which collects health information.

Regulators aim to assess whether this data storage is safe or vulnerable to threats. They’ll also look into whether or not subcontractors are complying with the GDPR, too, and if cloud infrastructure service providers process data only to the extent necessary to maintain the service.

Possible data transfers outside of Europe will be scrutinised, as well. Such transfers to the US are banned and currently the subject of several legal battles. Microsoft’s services, for one, are often closely linked to the functioning of government services.

The 80 organisations that will be examined are public European ones active in the sectors of health, finance, taxation and education, among others.

Source: Brussels Times

Leave a Reply