The European privacy regulator EDPS is launching two investigations into the use of Amazon’s and Microsoft’s cloud services by EU authorities. The reason is the invalidity of the Privacy Shield treaty between the EU and the United States. The European regulator states that when using the tools and services of major service providers, personal data of EU citizens is sent to the US in particular. Furthermore, it appears that EU authorities are increasingly using the cloud services of major service providers, some of which are located in the United States. These US providers must comply with national laws that allow “disproportionate surveillance activities” by US authorities, as the European Court said last year. The EDPS will look at the use of Amazon’s and Microsoft’s cloud services by EU authorities under the so-called “Cloud II contracts”, which were concluded before the Court’s ruling. The second study examines whether the European Commission has followed the recommendations of the EDPS regarding the use of Microsoft’s services and products when using Microsoft Office 365.