Since Amazon introduced its “Simple Storage Service” (S3) for object data storage in 2006, this technical offering has become a quasi-industry standard. S3 enables companies to store large amounts of data in any format in the Amazon cloud and quickly find and retrieve them. Typical usage examples are Big Data, IoT data, or image and video storage.

However, in recent years, many European companies have begun seeking an alternative to the market leader Amazon S3. While the EU has significantly tightened the legal requirements for data protection, US legislators, in contrast, have considerably expanded the possibilities for their intelligence agencies to access the data of non-American customers of US companies.

For example, the US Cloud Act (Clarifying Lawful Overseas Use of Data Act) of 2018 requires US providers of telecommunications or cloud solutions to disclose their customers' data at the request of US authorities such as the FBI or NSA, even if the storage location is not in the USA. Customer data is to be treated as if it were on American soil – regardless of who owns it and where it originates. 

In stark contrast to the American Cloud Act is the European General Data Protection Regulation (GDPR), which also came into force in 2018. This directive demands uncompromising protection of personal data, not only for companies in the EU but also for foreign businesses, such as Amazon, which are active in the European Economic Area. Consequently, a US cloud provider that offers its services in the EU is also subject to the strict guidelines of the GDPR. 

International agreements have been unable to resolve the legal contradiction between US and European laws to date. American companies like Amazon are therefore in a dilemma. If they give US intelligence or law enforcement agencies access to European customers’ data, they will likely violate the GDPR. However, denying such access violates the Cloud Act.

This situation was aggravated by a decision of the European Union Court of Justice in July 2020, which pronounced the EU-US data protection shield partially invalid. The reason given by the court was that it did not offer EU citizens adequate protection from government surveillance. Therefore, there is currently no valid mechanism for US providers to comply with EU data protection requirements when processing personal data. 

Thus, it is not surprising that many EU companies are looking for a European alternative to Amazon S3 in the face of this uncertain situation. Deutsche Telekom's Open Telekom Cloud offers an alternative for concerned users, operating its own data centers in Saxony-Anhalt, for just one example. Amazon's undisputed market leadership has led to the S3 API becoming the unofficial industry standard for interfaces for object storage services. Therefore, the fact that Amazon S3 can only be accessed via an interface (API) makes switching to a European provider relatively easy.

The Open Telekom Cloud also offers an object storage service that can be accessed via the S3 interface. This technological tool is based on the OpenStack Object Store project, also known as Swift. Open Stack is an open-source architecture for cloud computing, initiated by Rackspace and NASA, and is now being supported and further developed by various other companies, including AT&T, Canonical, Hewlett-Packard Enterprise, Intel, Red Hat, Huawei, and IBM. Swift API queries are largely identical to those of Amazon's S3 API, making it easy for companies to switch. 

Its German location is not the only factor that makes the Open Telekom Cloud mean greater security in terms of compliance with European data protection regulations. For example, this service is one of the few cloud offerings on the market to have received the “Trusted Cloud” certificate from the German Federal Ministry of Economics. Because German authorities or companies use providers with this certificate, you can be sure that they meet all applicable requirements in terms of data security and protection.