Safe Harbour Ruling and UK Hosting | Storm Internet

Now it is illegal for persons in the UK to host their website in the USA if they collect any user data on their site.

People often look first to the USA when they want to build a website as most of the mega tech companies are located there. So when someone wants to build a do-it-yourself website quickly, and perhaps add ecommerce to that, many would turn to American businesses like GoDaddy (DNS), Stripe (shopping cart), or Weebly (website builder and hosting). But if they do that and they add a contact form or shopping cart, both of which obviously collect user data, then they are violating the Safe Harbor Ruling. So it’s best to go with EU alternatives.

The Safe Harbour Ruling is a decision handed down by the European Court of Justice (ECJ) in 2015. What it says is that data on Europeans must be kept inside the borders of Europe. The courts says the reason for this is the American police and spies have free reign to read data on data stored on any person inside the USA because of the American anti-espionage laws and American violation of those very same laws too.

The ruling has left American tech companies wondering how they can comply with that. Consider for example how difficult that would be for, say, Facebook: they would have to configure their database to send certain data records to a data server in the EU for EU residents and then send the rest to servers wherever they have their data centers. But if data records are kept apart then how can a Europeans friend an American on Facebook? The answer is Facebook would have to store individual data fields, those deemed to be private, in different countries while they store the person’s name, which they hope is quasi-public, anywhere. Needless to say that would be messy.

The problem with the American legal system, says the ECJ, is that the Americans have free reign to read data stored at Google and elsewhere. Or if not, they can do that by issuing a subpoena to the tech company. If you know about the American Patriot Act (passed after 9/11), and other laws passed by former President Bush, the American are supposed to get a subpoena to open data files. But the Edward Snowden revelations show that the Americans ignore those laws and simply tap into Yahoo, Facebook, Microsoft, and all of the major telecom carriers without asking anyone. Then they muzzle those companies so they cannot tell their customers. (Knowing all of this to be illegal, the Bush administration had lawyers write opinions after the fact looking for the legal justification for that.)

Europe lacks infrastructure in many cases to comply with the ECJ or it’s just not possible. The borderless nature of the internet means data flows where it wants to. When The Guardian printed the news that the Americans were reading the emails and tapping the phone of German Chancellor Angela Merkel, the German president wondered out loud why an email sent from one German resident to another should flow through Virginia. The reason is Virginia is a major telecom hub with lots of trans-ocean trunk lines there. So Deutsche Telekom said it would build an internet routing network that would keep German data inside the EU. But like we just said, internet data packets follow whatever route they want and do not go where politicians direct them.

So even though it might be ridiculous, and even moot regarding email, Europeans still have to go through the motions of keeping European data inside the EU. You can certainly do that for databases for a company that is not global. The way to do that is to pick a web hosting and cloud provider in the EU. They should have redundant data centers in anywhere but the USA. Technically that should stop the Americans from vacuuming up that data.

So put keep your data on EU citizens in the EU and British citizens in the UK. It’s the law, plus it should help protect people’s privacy.

For more information on data sovereignty and how we can help you, call us on 0800 817 4727.