When looking for a hosting service, there is much more to consider than just the lowest pricing. What about resources or expansion options, for example? And, more specifically, why is it wise to choose Europe rather than the US?
Privacy in Europe: GDPR
In Europe, the General Data Protection Regulation (GDPR) has been in effect since 2018. This collection of regulations safeguards European residents' privacy on several levels. GDPR imposes obligations on cloud providers as well as rights on people. The GDPR requires companies and organizations to be open about the data they gather, how they handle data and what they use this data for. According to the GDPR, companies have to take security measures and develop policies and procedures to properly protect data.
Sectors and Governments in the US
Today's cloud technology market is dominated by foreign tech companies. These are mainly American providers, who must comply with American legislation. The rules vary greatly, particularly in terms of privacy.
America regulates and guarantees privacy based on groups and sectors. There is, for example, the Privacy Act (1974), which governs data processing by government entities. However, the Privacy Act is not about data processing by private companies.
Then there is the Children's Online Privacy Protection Act (1998), which regulates children's online privacy under the age of 13. Or the Health Insurance Portability and Accountability Act (1996), which deals with the processing of health data.
In short, there are several rules in place to guarantee that privacy within a sector is (correctly) recorded. The benefit is that they may be tightened or loosened based on the sector or group. On the other side, there is a lot of uncertainty and fragmentation. Most crucially, there are no legislative data protection equivalents to those in Europe for people in the United States. Cloud providers decide how they protect the rights, using service contracts.
Privacy in America: the CLOUD act
Since March 2018, the CLOUD legislation has been in force in the United States. This law mandates cloud service providers to give data (of people and businesses) to US authorities upon request. This applies to all American companies, including companies that process European data. A request from the authorities is sufficient. It is not essential to explain it, nor is a court order required.
This is a dilemma for cloud providers: on the one hand, they must ensure individuals' privacy according to the GDPR, while on the other hand, they must share this with the US government if requested. As a workaround, some providers only share encrypted data. However, the CLOUD Act gives US authorities the option of requesting unencrypted data or decrypting encrypted data. And that is still a violation of the GDPR.
VPS hosting in Europe: protected by European law
As said, the GDPR protects people's data and privacy in Europe. This means that the privacy of European citizens is protected in many areas. Rights that Europeans can invoke are, for example, the right to access, delete and transfer personal data.
Tilaa: What happens in Europe stays in Europe
Do you want to be sure that your data is stored securely and is not shared with others or governments? Then the best answer is 'better safe than sorry.' European data centers are governed by European law. They will not (and may not!) share data with outsiders unless under extreme circumstances and with a court order.
Ready to set up your next VPS with Tilaa?
Tilaa is an independent Dutch provider and only has Tier3-data centers in the Netherlands, in Amsterdam, and Haarlem. We are subject to European regulations, which permit us to safely keep our users' personal data. We are audited annually and are ISO certified. Finally, we are also secured with NEN 7510, ISAE 3402 Type 1, and PCI-DSS. This way, we can maintain the security of your data while you focus on your primary tasks.
Ready for your next VPS? Go to our configurator and set up your new VPS!