Earlier this month, The European Court of Justice (ECJ) stated that the European Commission’s decision on the US Safe Harbor program is invalid. The notion behind this is that Safe Harbor, as a program set up between the US and EU to guarantee the safety and rightful legal protection of European Union citizens’ private information does not adequately protect those rights. You can read more on the Safe Harbor Privacy Principles over here as well as the requirements set forward by the EU Data Protection Directive, which it failed to meet.
For UpCloud and our users, the invalidation of the Safe Harbor program by the ECJ is essentially meaningless. The Safe Harbor program was set up to protect the EU originating personal data when sent and stored outside the European Union.
We have set up our infrastructure and processes in such a way that we always abide by the EU Data Protection Directive, regardless of the countries we operate data centres in. This means we never move your personal data you used to set up an account at UpCloud, or the personal data you create in using UpCloud, outside of Finland.
Therefore the invalidation of the Safe Harbor agreement is meaningless for our users.
Here’s how we store your data
When a user registers an account with UpCloud, they enter into an agreement with a Finnish company. Finland, as an EU member state, is also bound by the EU Data Protection Directive. As the user enters in their data during the account creation process or creates data during the usage of the service, all of the data which identifies the user and connects the usage of the service to that user is always stored in Finland.
This has especially been taken into account by the set of tools we utilise in running UpCloud as a company. For example, we do not use any US-based user support tools that might require us to store some of this data on the servers of the US-based company.
In short, all of the information our users can see on the UpCloud Control Panel – all of this data is located in Finland.
When a user decides to deploy a server into our US datacenter, for example, the request is sent to our management software in the Chicago data centre in a non-identifiable manner using our management network. Therefore, our Chicago data centre (nor any other datacenter, except for Helsinki) never holds any information that could identify the owner of the servers or reveal the identity of the owner. All of the user account-related data that is related to the identity of the person running servers on UpCloud – is always located in Finland.
With regard to the data stored on the cloud servers themselves, we always abide by the rules of law of the country they are located in. Therefore, in the above example, the data stored on the cloud server deployed into our Chicago data centre is thus legally bound by the US legislation.
Going forward
At UpCloud, we feel that the European Union must do everything in its power now and in the future to protect personal data according to the same high standards we enjoy in Europe today. High data protection principles and directives are certainly a strength and an opportunity for the whole European cloud industry going forward.
If you would like to take advantage of our setup regarding the protection of personal data, don’t hesitate to contact [email protected] for more information.
Photo: European Union Flags 2 by Thijs ter Haar