PRIVA SCORE: Cloud provider

Summary: The PRIVA SCORE evaluates the data protection features of cloud providers and can reach a maximum of 312 points.
The providers pCloud, Tresorit, SpiderOak and Nextcloud have the highest level of data protection and receive all 312 points. They offer end-to-end encryption, the best data security and do not sell user data.
Amazon Drive and Google Drive have the lowest PRIVA SCORE with 92 and 112 points respectively, because they do not offer end-to-end encryption during transmission and data sales take place. IONOS and Microsoft OneDrive perform mediocrely, but are still rated “red” because your data is used for advertising.


The PRIVA SCORE can receive a maximum of 312 points due to the calculation when evaluating cloud providers.
As always, the PRIVA SCORE evaluates how well apps/services Data protection features fulfill.

When evaluating cloud providers pCloud, Tresorit, SpiderOak and Nextcloud perform best. They have the highest level of data protection (all 312 out of a possible 312 points) of the cloud providers compared here. They have End-to-end encryption, best Data security, regular and transparent security audits, anonymize user data as far as possible and sell above all Your data will not be shared.

Where there is a lot of light, there is also a lot of shadow. Who would have thought that Big Tech would receive a low PRIVA SCORE here as usual?

Amazon Drive and Google Drive are at the bottom of the list with 92 and 112 points respectively. This is due, among other things, to the fact that the End-to-end encryption only exists on the server side. This means that the transmission during upload and download is not encrypted. There are supposedly regular security audits, but the results are not published. And that your data sold should also come as no surprise. Dropbox (119 points) allows a good Data portability, but is the only provider that does not offer end-to-end encryption. Not much more needs to be said about this.

IONOS and Microsoft OneDrive cut almost all Data protection features only mediocre (both 142 points), but use your data for advertising, are therefore not recommended at all. Strato HiDrive (156 points) is also not a recommendation, but still gets a “yellow rating” because your data is not used for advertising.

Explanation of data protection features

End-to-end encryption: With end-to-end encryption, the files are encrypted on the user's device before they are uploaded to the cloud. The key never leaves the user's computer, so the cloud provider has no access to the unencrypted content.

Data security: Cloud providers must implement extensive security measures such as firewalls, encryption and regular backups to protect their customers' data from loss and theft.

Regular security audits: Reputable cloud providers have their security measures regularly checked by independent bodies in order to identify and resolve vulnerabilities at an early stage. Cloud providers who do not publish these reports should be distrusted.

Anonymization of user data: Good cloud providers anonymize user data so that no conclusions can be drawn about individuals. Cloud providers that sell advertising compromise this anonymization.

Data localization options: Many European cloud providers offer the option of storing data exclusively on European servers to ensure compliance with the GDPR. Data stored in unsafe third countries such as the USA is subject to much lower data protection standards.

Data transparency: Transparent cloud providers openly inform their users about data protection practices, access options and security measures.

Clear guidelines on data sharing: Reputable providers have clearly defined guidelines on when and under what circumstances customer data is passed on to third parties. Dubious cloud providers deliberately formulate this in a "vague" or complicated way in order to leave the transfer unclear.

Data portability: Good cloud providers allow their users to download their data at any time and migrate it to another provider. Cloud providers from the Big Tech sector in particular make this deliberately difficult in order to keep users in the "walled garden" of their own ecosystem.

en_USEnglish