Cloudfare, a North American company that was working with the INE in the process of conducting the 2021 census and which suspended the contract following suspicions raised by the National Data Protection Commission (CNPD), said it had no data. s. In a statement to the newspaper Publico, Cloudfare states that “there had never been any transfer of data from the United States censors” and understands that the CNPD’s statements “do not properly reflect the service provided”.
On this issue, remember, the fact is that, after an inspection, CNPD released this on Tuesday Deliberation INE was addressed to give the 12-hour period to suspend any international transfer of personal data to the United States or other third countries without adequate levels of protection within the scope of the 2021 census surveys. Originally, the Commission concluded that “INE changed to Cloudfare, Inc., which permits the transfer of personal data to the USA in its contract” to conduct the census survey.
However, Cloudfare stated in the same statement by Publikko that “it does not provide access to the content that passes through its network in response to a government request”. And he said: “If we received such a request, we would fight it in court and publicly indicate any disclosure we were required to make”.
One of the services provided by the cloud under contract with INE was to increase the network size, multiplying the possible response by multiple servers. Finally, the information is always on the INE servers, but in the meantime the responses are in transit through the servers of Cloudfare, which is based in California. And, as the CNPD refers in its deliberations, the contract “provides for the transfer of personal data to any 200 servers” used by Cloudflare, “as well as personal data to the United States Transfer of “.
As Business reported on Wednesday, the use of American business services in the European Union has already been considered by the Court of European Union (CJEU) in the “Shremes II” case, which is, well, that United States law states USA “makes it possible to interfere with people’s fundamental rights based on requirements related to national security and public interest, which may result in access to personal data transferred from the EU to the USA and the use of such data under surveillance programs Is “Foreign Intelligence Surveillance Act”, based on FISA.
Now, the CNPD has also mentioned in its deliberations that the services provided by Cloudflare place the company directly under the jurisdiction of US law, which provides for large-scale access to the personal data processed by it. Provides liability, an electronic provider immediately. Services “. Since, the CNPD underlines,” US law prohibits US companies from informing their customers in the context of national security activity by US authorities for the purpose of collecting information about foreign security “.
Bloco and PSD summon government, CNPD and INE to Parliament
In short, the CNPD concludes, “There is no guarantee that the personal data of citizens living in Portugal” collected by the INE under the census “will not be accessed by US authorities”. Cloudflare denied that it had happened, but in the meantime, the INE suspended the contract in view of suspicions and demands from the CNPD and the inspection is continuing.
Meanwhile, the left block has already submitted a request to the Parliament to summon the chairman of the board of directors of the INE to the Constitutional Affairs Committee and on this Thursday the PSD announced that it had also submitted a request and the person in charge. In addition to the INE, Francisco Lima intends to listen to Mariana Viera da Silva and the president of the CNPD, Philippa Calvo, for the state and presidency in Parliament “about the suspension of contracts with CloudFare and data protection in the 2021 census” is.