November 28, 2025
Clouds, keys, and spicy comments
Switzerland: Data Protection Officers Impose Broad Cloud Ban for Authorities
Swiss data cops slam Big Cloud; debate erupts over privacy vs perks
TLDR: Swiss data watchdogs effectively banned government use of big foreign cloud apps for confidential info unless the state controls encryption keys. Comments exploded over privacy versus convenience, from “SaaS loses its magic” to distrust of U.S. laws like the Cloud Act, with calls for local providers.
Switzerland’s data protection chiefs just dropped a bomb: government agencies shouldn’t use big foreign cloud apps (think AWS, Google, Microsoft) for confidential info unless the state keeps the encryption keys, meaning the providers can’t read anything. Cue a comment-section meltdown. One camp cheered the privacy-first stance, pointing to the U.S. Cloud Act, which lets American authorities demand data even if it’s stored in Switzerland. Another camp groaned that true end-to-end encryption nukes the fun stuff—search, live collaboration, and those shiny AI features—turning trendy software into glorified file lockers, as 7777777phil bluntly put it.
Practical voices chimed in with a Swiss twist: sschueller argued many public services don’t need global, always-on clouds, and local providers can handle attacks and keep things inside the border. Belter cracked the viral joke of the day, predicting a future headline where the government runs back to the cloud after realizing “the cleaning staff had more access than IT,” poking at old-school security woes. Meanwhile, neves declared trust in U.S. tech is fading since Snowden, and estebarb roasted the irony that you can’t even read the article without “marketing cookies.” Past bans (like on Microsoft 365) fizzled, so the crowd’s watching: is this a real pivot or just Swiss vibes?
Key Points
- Privatim’s resolution effectively bans Swiss federal authorities from using international hyperscaler SaaS (e.g., AWS, Google, Microsoft) for sensitive or legally confidential personal data.
- Use of SaaS for such data is only permissible with true end-to-end, client-side encryption where the cloud provider has no access to decryption keys.
- Privatim cites low transparency, difficulty verifying compliance, long subcontractor chains, and unilateral contract changes as risks with global providers.
- The US CLOUD Act can compel US providers to hand over data even if stored in Switzerland, creating legal uncertainty for confidential data.
- Past declarations (e.g., about Microsoft 365) saw limited enforcement; the new resolution still poses significant IT strategy challenges for authorities.