- Dutch government and commercial data may be at risk due to widespread outsourcing to U.S. giants like Microsoft and Google.
- Despite server locations in the EU, U.S. laws could grant the American government access, raising privacy concerns.
- Microsoft assures privacy protection, but potential legal overrides create uncertainty.
- High dependence on American services poses risks, particularly if EU-U.S. relations deteriorate.
- Major Dutch entities, including banks and schools, heavily rely on Microsoft and Google, heightening the potential impact.
A recent investigation by NOS (Dutch Broadcasting Foundation) revealed a concerning possibility: the United States government gaining access to Dutch government emails and crucial data. This revelation has sparked nationwide concern, prompting a reexamination of data security practices in the Netherlands.
Dutch entities becoming too dependent on American tech
The NOS investigation exposes a growing reliance on American tech giants like Microsoft and Google across over 20,000 entities in the Netherlands, including major companies, organizations, and governments. The outsourcing of email services to these entities prompts scrutiny over the security of sensitive information.
Despite servers being located within the Netherlands or the European Union, concerns arise regarding the potential reach of U.S. government access. A report from Dutch international affairs think tank Clingendael highlights that American laws allow the government to access data controlled by American companies, regardless of its geographical location.
Microsoft responds to outcry
In response to these concerns, Microsoft assured NOS of its commitment to safeguarding customer privacy and compliance with the GDPR privacy law. The company emphasized that data requests are made under exceptional circumstances where there is a suspicion of a serious crime, and it actively opposes such requests when possible.
However, Clingendael researcher Maaike Okano-Heijmans pointed out that American companies cannot outright refuse government access to their data. “The fact that it has not happened so far does not say much. There are laws that require American companies to hand over data,” she explained, adding that laws are subject to change. This dependence on American services poses a significant risk, especially if there are developments affecting the EU-U.S. relationship.
Who’s potentially exposed?
Microsoft dominates the Dutch email landscape, with six out of ten organizations choosing to outsource their email services to the tech giant. High-level institutions, including the House of Representatives, the Senate, financial and healthcare authorities, environmental agencies, and municipalities, are among those potentially exposed. In contrast, government ministries maintain their own mail servers.
Moreover, 60% of the 110 so-called “vital” companies examined have outsourced their mail services to Microsoft or Google. This includes critical infrastructure entities like power grid operators, major banks such as ABN Amro, ING, and Rabobank, most drinking water companies, and Amsterdam Airport Schiphol.
The need for European alternatives
The growing concerns about potential U.S. government access to Dutch data amplify the call for European alternatives. Advocates emphasize that investing in homegrown solutions enhances data sovereignty, insulating the Netherlands and the European Union against geopolitical uncertainties.
Nextcloud is gaining attention as a strong alternative—an open-source collaboration platform deeply rooted in Europe. With a robust commitment to data privacy, Nextcloud stands out as a homegrown solution that aligns with the crucial task of protecting sensitive information from external intrusion.
Organizations can then explore the integration of Microsoft products with Nextcloud using Sendent. Known for its Outlook add-in, Sendent ensures seamless interoperability between Nextcloud and Microsoft applications such as Teams and Exchange. This strategic combination acts as a bridge, facilitating smooth collaboration and leveraging the strengths of both platforms.
The push for supporting European tech infrastructure gains momentum as a strategic move to safeguard sensitive information and reduce dependence on non-European entities.