The Invalidation of the Safe Harbor Program Is Meaningless for Our Customers

  • October 21, 2015

Earlier this month, The European Court of Justice (ECJ) stated that the European Commission’s decision on the US Safe Harbor program is invalid. The notion behind this is that Safe Harbor, as a program setup between the US and EU to guarantee the safety and rightful legal protection of European Union citizens’ private information does not adequately protect those rights. You can read more on the Safe Harbor Privacy Principles over here as well as the requirements set forward by the EU Data Protection Directive, which it failed to meet.

For UpCloud and our customers, the invalidation of the Safe Harbor program by the ECJ is essentially meaningless. The Safe Harbor program was setup to protect the EU originating personal data when sent and stored outside the European Union.

We have setup our infrastructure and processes in such a way that we always abide by the EU Data Protection Directive, regardless of the countries we operate datacenters in. This means we never move your personal data you used to setup an account at UpCloud, or the personal data you create in using UpCloud, outside of Finland.

Therefore the invalidation of the Safe Harbor agreement is meaningless for our customers.

Here’s how we store your data
When a customer registers an account with UpCloud, they enter into an agreement with a Finnish company. Finland, as an EU member state, is also bound by the EU Data Protection Directive. As the customer enters in their data during the account creation process or creates data during the usage of the service, all of the data which identifies the user and connects the usage of the service to that user is always stored in Finland.

This has especially been taken into account by the set of tools we utilise in running UpCloud as a company. For example, we do not use any US based customer support tools that might require us to store some of this data on the servers of the US based company.

In short, all of the information our customers can see on the UpCloud Control Panel – all of this data is located in Finland.

When a customer decides to deploy a server into our US datacenter, for example, the request is sent to our management software in the Chicago datacenter in a non-identifiable manner using our management network. Therefore, our Chicago datacenter (nor any other datacenter, except for Helsinki) never holds any information that could identify the ownership of the servers or reveal the identity of the owner. All of the customer account related data, that is related to the identity of the person running servers on UpCloud – is always located in Finland.

With regard to the data stored on the cloud servers themselves, we always abide by the rules of law of the country they are located in. Therefore, in the above example, the data stored on the cloud server deployed into our Chicago datacenter is thus legally bound by the US legislation.

Going forward
At UpCloud, we feel that European Union must do everything in its power now and in the future to protect personal data according to the same high standards we enjoy in Europe today. High data protection principles and directives are certainly a strength and an opportunity for the whole European cloud industry, going forward.

If you would like to take advantage of our setup regarding the protection of personal data, don’t hesitate to contact [email protected] for more information.

Photo: European Union Flags 2 by Thijs ter Haar