Security and privacy have been the central axis of the Cloud Summit 2025, a reference event for the technological and legal sector that has been held on April 24 in Madrid. Organized with the support of the Spanish Association of Suppliers of Cloud and Data Centers (Apecdata), the Association of Business Telecommunications Suppliers (ASOTEM) and the Nebrija University The event has brought together experts in cybersecurity, privacy and cloud regulations to analyze the challenges and opportunities presented by data protection in an increasingly regulated digital environment. The result is a fissure consensus: the need to establish effective strategies to guarantee privacy and regulatory compliance.

Dr. Alfonso López de la Osa, dean of the Law Faculty of the Nebrija University opened the event, who stressed that the event was born as an initiative to become a reference in the analysis of the regulatory challenges of the cloud environment, integrating right, technology and security in an essential debate for Europe.

He ceded the word to Maximilian Schrems, lawyer and activist specialized in privacy and data protection, founder of Noyb, leading organization in the defense of digital rights in Europe. In his paper he warned that the legality of data transfers between the European Union and the United States staggered again. It should be noted that the current agreement, the Transatlantic Data Privacy Framework (TADPF), signed in 2023, depends on US executive orders and not on formal legislation, which makes it an extremely weak legal base.

Schrems criticized that fragility of existing agreements on data protection and that both the European Commission and the Business Lobby would have accepted it. “Instead of betting on stable legal limitations, Europe trusted executive promises that can disappear in seconds. Now that Trump begins to move file, many European companies enter a legal limbo.”

In this sense, with the arrival of Donald Trump to power, maneuvers that threaten to dismantle the TADPF pillars have already begun. The dismissal of key members of the Pivacy and Civil Liberties Oversight Board (PCLOB) – the unique independent supervision agency considered in the agreement – and the signing of an executive order that forces us to review all the decisions of the era Biden in 45 days, leave Europe to the edge of a new “Schrems III”.

  • In the current context, Schrems highlighted the main risks for the European economic fabric:
  • Immediate legal risk: thousands of contracts that involve data transfers to the US – specially services in the cloud of Microsoft, Amazon, Google and Apple – could become illegal in a matter of days.
  • High sector impact: technology companies, financial entities, public administrations, hospitals and educational centers depend on these services.

Structural dependence: the EU has not developed sufficient sovereign alternatives against US technological giants.

Europe in a legal limbo for the data: a simple Trump firm can put in check the EUE-EE.UU Privacy Agreement.

  • Schrems also pointed out some recommendations for companies:
  • Prepare a contingency plan: Evaluate data accommodation options within the European economic space.
  • Review Cloud contracts: Ensure protection and legality clauses to possible regulatory changes.

Monitor political evolution in the US: A presidential turn can invalidate the current bases of the agreement.

Normative and cybersecurity challenges

Subsequently, a round table was held on the “challenges of privacy and cybersecurity in the cloud”, moderated by Sister Arteaga, doctor in law and partner of Easy Telecom Law Firm, with the participation of reference experts in the field of cybersecurity and data protection such as Javier Candau, attached to the National Cryptological Center (CCN), Esther Muñoz Muñoz Fuentes. Cybersecurity of the Agency for Digital Administration of the Community of Madrid, and Carlos Galán Pascual, director of the Legal Technology Agency and CCN advisor.

The debate revolved around the impact of the NIS2 Directive, the current challenges in matters of certification and compliance with the National Security Scheme (ENS), as well as the best practices for data protection in the cloud sphere. Likewise, the legal implications of the adaptation of the NIS2 in Spain were deepened, and the most frequent non -conformities detected in the certification processes are addressed for cloud service providers and telecommunications operators.

In relation to hyperscales, experts commented that they met the high level of the TES but that they had difficulties with certain demands of the RGPD. They also recommended the national property cloud for sensitive personal data such as health.

AEPD recommendations

For his part, Francisco Pérez Bes, attached to the presidency of the Spanish Agency for Data Protection (AEPD), highlighted in his presentation the importance of integrating data protection into the business strategy, especially in Cloud Services. He underlined the need for well -structured contracts, compliance with the GDPR and the implementation of effective security measures. He also warned about the challenges posed by emerging technologies such as AI and quantum computing, and called on government bodies to assume an active role in the management of these risks.

The awareness for safe and responsible digital services

Roberto Beitia, president of Apecdata closed the event, who stressed the need for technological evolution accompanied by legislative maturity in data protection and cybersecurity. During his speech, he urged to reinforce awareness throughout the value chain, from suppliers to users, and regretted the resistance to adopting basic measures such as multifactor authentication.

Beitia defended European digital sovereignty, promoting own infrastructure that reduces the dependence of global suppliers. He highlighted initiatives such as Piwik Pro, which allows audience analysis respecting privacy, as an example of technological innovation with European seal. He concluded appealing to boost the visibility and adoption of safe and resilient digital services based on a federated cloud scheme.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.