US clouds and video service providers are under pressure after European authorities start focusing on data protection, privacy, and data sovereignty.

Recently, a German tender was cancelled because the winner wanted to use a U.S. owned cloud service. That the data would be stored within the E.U, with a E.U. subsidiary, with SCC privacy clauses in place, was deemed not enough to guarantee data protection.

This month, the Dutch National Cyber Security Center (NCSC) published their Cloud Act memo, warning to prevent any legal or technical link to U.S. owned services, and to prevent U.S. employees to have access to sensitive or personal data. 

More and more European countries are putting a ban on U.S. owned cloud services. This impacts public tenders: you must comply to European data protection laws, and you need to audit the entire chain. The audit will fail if there is a U.S. owned vendor. This is a challenge for European broadcasters, since many rely on U.S. owned clouds, CDNs, analytics services, video players, and video platforms.

Sensitive and personal data in broadcasting

Media can contain very sensitive personal data. Organizations nowadays stream live surgeries and job interviews, and they film internal corporate and industrial processes. This data must be protected.

Logs and analytics contain personal data of viewers, and contain competitive sensitive business data such as programming, formats, popular titles, market, and advertisers. It is in the interest of the broadcasters to protect this data.

US law vs EU law

The European GDPR law requires broadcasters and their vendors to protect their data. The U.S. Cloud Act demands far reaching access to data within reach of U.S. owned vendors, even if your data is stored in the E.U., even if you work with a E.U. subsidiary, even if there are standard clauses, your data is not safe. 

There is no sight of resolving the issue between the two worlds. Broadcasters are advised to act, to protect their data, to protect their interests, to prevent claims and image damage.

Dutch company Jet-Stream (IBC hall 7, booth 7.c25) unveils a new streaming cloud platform that is 100% GDPR compliant. Jet-Stream Cloud is European owned, European hosted, without ties to non-EU vendors. All media and data are processed in the secure cloud: transcoding, hosting, streaming, analytics, and player.

Jet-Stream Cloud’s video player (called Privacy Player) contains no trackers to prevent third parties from accessing data. All data is logged and processed server-side, for accurate analytics. Personal data is removed. Chromecast can be disabled to prevent pings to Google, who can watch along with who’s watching what.

Jet-Stream also introduces the first commercially available Contextual Video Advertising service, the successor of 3rd party data video advertising. Instead of invading privacy, the player shares rich contextual data with advertisers. The result is higher CPM. 

Recently, Jet-Stream Cloud was audited by EDPS, Europe’s data protection supervisor, which streamed its Data Protection conference live on the platform. 

Jet-Stream created this handy data protection checklist, to see if your vendor (and their vendors) are GDRP compliant or are subject to the U.S. Cloud Act.

GDPR checklist Jet-Stream