European internet users have gotten into big trouble as of Tuesday, October 6th. Their personal data can no longer be blindly stored on American servers, or clouds. A large part of the popular internet is currently hosted on American clouds like Amazon, Microsoft, Apple, or Google.
The European Court of Justice has put a bomb under the use of this American infrastructure. This as a result of a court case instigated by an Austrian Facebook user.
Facebook, as a company, also has a presence in Ireland, but store their user data on servers in the United States. The Austrian user didn’t consider his data (and privacy rights) safe there. The Irish privacy watchdog deemed America to be safe, following a 2000 decision by the European Commission.
European judges concluded that this decision should never have been made. Personal data may only flow to countries outside the EU if their privacy legislation offers the same protections as the European counterpart. The United States lacks the proper legal framwork, which enables the US Department of Justice to look into the data of EU citizens with no repercussions, which is not allowed under EU law.
Doing business with the United States is obviously still allowed and possible, but European companies are now responsible for safeguarding their customer data, regardless of location.
Europeans can still use European servers operated by European daughter companies of American corporations. The question remains, how long this will be possible. In the United States, there is a running court case where the Department of Justice claimed that European daughters are still beholden to their requests for data hosted in Europe, regardless of local regulations. Although this is still an ongoing court battle, the first round in this fight was awarded to the DOJ.
Citizens and companies that use cloud services physically hosted in the United States will ahve to start looking for European solutions. If, for instance, a web shop keeps its customer data stored on an external US-hosted cloud service, a new solution will have to be found to stay within the law. It is up to the web shop operators to make sure they comply.
If, as a European user, or company, you want to make sure that your customer data complies to European legislation, make sure that data is being stored at a European cloud service like CloudVPS. This way you can be sure that all your data remains within the EU, or The Netherlands, and that you are complying to all relevant local laws.
Omar Benameur is CEO of CloudVPS.
Sources (dutch):
http://www.nu.nl/internet/4139196/europees-hof-zet-streep-privacyverdrag-met-vs.html
http://www.telegraaf.nl/digitaal/24580996/___Bom_onder_cloud_VS___.html