U.S. Cloud Act vs GDPR: Why European Broadcasters Need to Switch
Last updated: 9 September 2022
US clouds and video service providers are under pressure after European authorities start focusing on data protection, privacy, and data sovereignty.
Two years ago, a German tender was cancelled because the winner wanted to use a U.S.-owned cloud service. That the data would be stored within the E.U., with an E.U. subsidiary, with SCC privacy clauses in place, was deemed not enough to guarantee data protection.
A few months later, the Dutch National Cyber Security Center (NCSC) published its Cloud Act memo, warning to prevent any legal or technical link to U.S.-owned services and to prevent U.S. employees to have access to sensitive or personal data.
More and more European countries are putting a ban on U.S.-owned cloud services. This impacts public tenders: you must comply with European data protection laws, and you need to audit the entire chain. The audit will fail if there is a U.S.-owned vendor. This is a challenge for European broadcasters since many rely on U.S.-owned clouds, CDNs, analytics services, video players, and video platforms.
Sensitive and personal data in broadcasting
Media can contain very sensitive personal data. Organizations nowadays stream live surgeries and job interviews, and they film internal corporate and industrial processes. This data must be protected.
Logs and analytics contain the personal data of viewers and contain competitive sensitive business data such as programming, formats, popular titles, market, and advertisers. It is in the interest of the broadcasters to protect this data.
US law vs EU law
The European GDPR law requires broadcasters and their vendors to protect their data. The U.S. Cloud Act demands far-reaching access to data within reach of U.S.-owned vendors, even if your data is stored in the E.U., even if you work with an E.U. subsidiary, even if there are standard clauses, your data is not safe.
There is an ongoing discussion between the EU and the U.S. regarding data governance. However, there is no sight of resolving the issue between the two worlds yet. Therefore, broadcasters are advised to act, to protect their data, to protect their interests, to prevent claims and image damage already today. And one of the best ways to safeguard your data is by switching to such companies as Jet-Stream.
What is so special about Jet-Stream?
During an IBC 2022, Dutch company Jet-Stream unveiled a new streaming cloud platform that is 100% GDPR compliant. Jet-Stream Cloud is European-owned, European-hosted, without ties to non-EU vendors. All media and data are processed in the secure cloud: transcoding, hosting, streaming, analytics, and player.
Jet-Stream Cloud’s video player (called Privacy Player) contains no trackers to prevent third parties from accessing data. All data is logged and processed server-side, for accurate analytics. Personal data is removed. Chromecast can be disabled to prevent pings to Google, who can watch along with who’s watching what.
Jet-Stream also introduced the first commercially available Contextual Video Advertising service, the successor of 3rd party data video advertising. Instead of invading privacy, the player shares rich contextual data with advertisers. The result is higher CPM.
Also, Jet-Stream Cloud was audited by EDPS, Europe’s data protection supervisor, which streamed its Data Protection conference live on the platform.
Are you concerned about the safety of your data? Then you’ll be glad to know that Jet-Stream has gone ahead and created a really useful data protection checklist. Use it to check if your vendor (and their vendors) are compliant with GDPR or if they’re subject to the U.S. Cloud Act.