AardvarkBusiness.net - Business Search Engine AardvarkBusiness.net - Business Search Engine



 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

     

hosting outside of the EU

 
 
Post new topic   Reply to topic    AardvarkBusiness.net Forum Index -> Domains & Hosting Forum
View previous topic :: View next topic  
Author Message
globalart4u
Executive PA
Executive PA


Joined: 17 Apr 2005
Posts: 90
Location: Glasgow
125 ants

PostPosted: Wed Feb 13, 2013 7:38 pm    Post subject: hosting outside of the EU Reply with quote

if you are taking out hosting outside of the European Union you may be in breach of Principle 8 of the Data Protection Act which states

"Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data."

For example a company who hosts in the States may have checked if the company in the States has signed up to the 'safe harbour scheme' but this does not make the data safe as the US is deemed to be a country which lacks "adequate" Internet privacy protection as per Article 25 of the EU Directive. Also if requested by the US gov under their terrorism acts if requested all data on a US server must be handed over by the hosting comkpany.

If no personal data is being stored on a website server outside of the EU then you should be ok
_________________
http://www.lewoodentoy.co.uk - traditional wooden toys
http://www.tartanrock.co.uk - gifts
http://www.promostamper.co.uk - self inking stamps
Back to top
View user's profile Send private message Visit poster's website
trev
President
President


Joined: 15 Oct 2002
Posts: 3011
Location: NW England, UK
4037 ants

PostPosted: Fri Feb 15, 2013 1:34 pm    Post subject: Reply with quote

It is highly complicated as of course it also fails to deal with how you transfer personal data between locations. Eg: if it's transferred to an appropriate country outside the EEA but not using SSL, then in theory it could be collected by someone in a non-compliant country.

- However, on the Safe Harbour Scheme from what I've read on the ICO web site it seems to suggest that you are in theory allowed to transfer to safe harbour scheme members under principle 8, eg:

http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_8.aspx

"The Safe Harbor scheme is recognised by the European Commission as providing adequate protection for the rights of data individuals in connection the transfer of their personal data to signatories of the scheme in the USA."

"Although the United States of America (US) is not included in the European Commission list, the Commission considers that personal data sent to the US under the voluntary “Safe Harbor” scheme is adequately protected."

- However, if article 25 states they aren't a safe country and there are these problems with the terrorism acts, then it seems even the ICO doesn't entirely know what's legit.

- Then again, if you transferred and held the data in the UK, the Regulation of Investigatory Powers Act 2000 (RIP act) might allow snooping of the data by various authorities which is not protected by the ICO.


Ever get the feeling there are a bunch of lawyers working in the EEA / EU offices who just try to make things as complicated as possible so they can then make more money for other lawyers in courts?


Solution:

1) Send the data to a computer in Switzerland.
2) Have the computer in Switzerland store then send the data to the US.

Switzerland is outside the EU so not bound by its laws, but is accepted as a safe country to send data to. When it leaves the Swiss computer, it only has to abide by Swiss laws and thus the EU can't say a thing about how it's stored.

Lawyers 0 :: Real people 1

Very Happy

Trev
_________________
Mad Theories - Ambleside - Coniston - Grange
Back to top
View user's profile Send private message Visit poster's website
globalart4u
Executive PA
Executive PA


Joined: 17 Apr 2005
Posts: 90
Location: Glasgow
125 ants

PostPosted: Sat Feb 16, 2013 11:04 pm    Post subject: Reply with quote

problem is that this was not known when the safe harbour scheme was considered legit until Microsoft let the cat out of the bag to the EU when they were being investigated that they actually have to provide all information on any server in the world to the states under their terrorism act. This then set of a lot of alarm bells within the EU as they did not want to lose their proprietary / personal data which was on a server in their own country to another nation.

ICO are waiting to see what the EU does and so far there are lots of discussions all not in favour of data in the EU so let's see what happens. ICO will not do anything without EU DP say so on their site re this.

problem with the swiss scenario is that if it is data originating from the EU and EU company then the originator is still liable even if they store data on a separate server which is sent somewhere else. Lots of complications there.

RIP act ah yes but i think there are some safeguards there unlike the american one though not so sure how much
_________________
http://www.lewoodentoy.co.uk - traditional wooden toys
http://www.tartanrock.co.uk - gifts
http://www.promostamper.co.uk - self inking stamps
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    AardvarkBusiness.net Forum Index -> Domains & Hosting Forum All times are GMT + 1 Hour
Page 1 of 1

 
Google
 
Business ForumSport ForumTravel Forum


Powered by php B B © 2001, 2002 php B B Group

AardvarkBusiness.net Business Search Engine & Directory