Fax and cloud …. the connection between the two terms is not apparent at first glance.
For all the younger ones – pages of paper can be sent back and forth between two fax machines. The recipient scans a sheet of paper, which is then sent to the recipient and printed out there. The whole thing happens over the telephone line with the help of annoying beeps (anyone who has already been called by a fax understands what I am talking about).
Now this time-honored technology is falling into disrepute – it should really not be data protection compliant.
This also closes the loop to the cloud, which in many cases cannot be used in a GDPR-compliant manner. Especially if the cloud provider is based in the USA and data is transferred there. Privacy advocates have been drawing attention to this for a long time and Companies can face severe penalties .
Where is the problem?
The topic is not new, it was the Hessian data protection officer, who brought it back to the table . In the past, fax transmission was based on an exchange-based line – the recipient and sender were directly connected. Today the transmission mostly takes place via VoIP, i.e. over the Internet. Of course, there are more attack vectors here, also more of a theoretical nature.
The use of fax services should be mentioned here – many companies no longer have a classic fax machine, but rely on online services for sending and receiving. This service then of course has access to the content of the fax.
The solution?
Again, there are similarities – encrypted emails should be an alternative to faxes. A technology that has so far simply not been able to establish itself due to the additional work involved. The De-Mail solution should make this easy for everyone – but the Telekom has already announced its exit here because the product is not accepted.
The situation is similar with the cloud – an alternative to US providers would be European or even German clouds. But the GAIA-X project is not really getting off the ground either. Ironically, Telekom now joins with Google to set up a cloud solution.
Progress slowed down?
According to a study by the IT industry association Bitkom many companies fight with the implementation of the GDPR and feel slowed down in the area of digitization.
An adaptation of the GDPR to the realities of the market would be urgently required. Denouncing something in terms of data protection law without naming usable alternatives is not expedient.