Germany: State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania issues warning to public bodies against third-country cloud computing providers

On 11 April 2025, the State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania (LfDI MV) issued a public notice alerting authorities to the potential data protection risks associated with utilising cloud computing services from providers based in non-European Union countries. As many local municipalities phase out on-premise solutions, the LfDI MV recommends prioritising open-source products and solutions to ensure data sovereignty and mitigate legal uncertainties. The warning addresses the vulnerability of public bodies to obligations imposed by non-EU jurisdictions, which may compel service providers to disclose personal data to foreign security agencies. It emphasises the strategic importance of digital sovereignty amid global geopolitical uncertainties, urging local administrations to seek software solutions that maintain data control locally and legally.