Swiss data protection authorities have warned state institutions about the risks of storing sensitive data on foreign cloud platforms. The Swiss Conference of Data Protection Officers (Privatim) has adopted a resolution urging authorities to favor local or European solutions for the storage and processing of information.
According to Privatim, many data centers are located outside Switzerland or are owned by foreign companies, which increases the risk of unauthorized access and makes control over the data more difficult. The data protection officer for the Canton of Fribourg, Martine Stoffel, emphasized that public cloud solutions do not always provide full encryption and often involve multiple subcontractors.
The resolution recommends that highly sensitive data—such as health records, religious beliefs, or information about sanctions on individuals—should not be stored in public clouds. For these cases, alternatives such as Swiss or European clouds, local storage, or encryption with key management controlled by public authorities are suggested.
However, Privatim does not call for a complete abandonment of cloud technology, noting that public data can continue to be stored there. Another concern raised is the legal risk associated with the U.S. Cloud Act, which allows U.S. authorities access to data managed by American companies, even when the servers are located outside U.S. territory.
