Gloucestershire residents' personal data may be vulnerable to access by the US Government due to current data handling practices involving American technology firms.
The UK’s significant dependence on US-based cloud services—platforms that enable remote data storage and processing—has prompted questions, especially as Gloucestershire County Council moves towards modernizing its services through increased use of artificial intelligence (AI).
At a recent corporate overview and scrutiny committee meeting, Councillor Craig Horrocks (G, Rodborough) voiced concerns as the council discussed a new £3.4 million program aimed at overhaul and technological enhancement. While praising efforts to boost efficiency through tech adoption, Cllr Horrocks emphasized worries about data security tied to US laws.
READ MORE: ‘Fit and healthy’ Cheltenham woman dies aged 46 after ‘single symptom’
READ MORE: Gloucester Rugby Appoints Joel Tomkins as New Defence Coach
“American legislation, specifically the Cloud Act, compels US companies to provide data to US authorities when served warrants, even if that data belongs to UK citizens,” he explained. “This raises significant concerns about the safety of our residents' information.”
He highlighted that this risk exists regardless of whether data is physically stored in the United States. For instance, if the US government issues a warrant to a company like Microsoft, it must comply and hand over data, including information stored through AI services such as Microsoft’s AI tools.
Cllr Horrocks also pointed out a growing trend across Europe, where governments are moving away from US-based systems in favor of European-hosted or self-hosted open source alternatives, citing heightened awareness around data sovereignty and privacy.
Deputy Chief Executive Nina Philippidis acknowledged the issue as a critical point. She noted that the council’s data and IT teams devote considerable attention to data protection, especially as AI has already been integrated through tools like Microsoft Copilot and Magic Notes in sensitive areas such as social work.
“Ensuring compliance and safeguarding residents’ data is a top priority,” Philippidis stated. “We are vigilant as these technologies and regulations evolve and will not take any action that puts data at risk.”
Despite reassurances, Cllr Horrocks maintained his stance, stressing that the Cloud Act inherently poses challenges and that several European governments are actively distancing themselves from US-based data infrastructures over these concerns.
Ms Philippidis concluded by committing to further discussions with the council’s teams to address the raised issues comprehensively.