How about USA-EU Safe Harbor policy?

December 10, 2014 7.9k views
manueldl
By:
manueldl

I've just had a look on your status on US-EU Safe Harbor list and it seems to be as Not Current (http://safeharbor.export.gov/companyinfo.aspx?id=18129).

For us as your customers it is crucial you to be enlisted with 'Current' status at such list. Otherwise, we can not meet the requirements of European legislation on personal data protection.

You should have updated your registration on the Safe Harbor list on october. Additionally, such a change does vary the terms of service. Are you planning to update your status on such frame? When?

2 comments
  • jasper October 14, 2015

    With Safe Harbor having been invalidated in court it would be interesting what model DO is using dealing with private information on EU websites hosted at DO servers outside and inside the EU. See https://www.wordfence.com/blog/2015/10/european-data-on-usa-servers-safe-harbor/

  • dj5 October 14, 2015

    It is imperative that DO find and create a viable solution to this policy asap as EU Safe Harbor as been ruled obsolete as mentioned in the Wordfence article posted by user @jasper. RE DO's current policy, "DigitalOcean complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries and Switzerland. DigitalOcean has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DigitalOcean's certification, please visit" found here: https://www.digitalocean.com/legal/privacy/

    The policy by AWS mentioned in the article by Wordfence seems to be the only approach barring fully encrypting every VPS/rack. I know DO is doing everything it can to come up with a sustainable solution as I have incoming clients from the EU that I'd like to service using my favorite hosting provider in the history of every continent. ;-) DO staff; please update this thread with any info you can asap. This is a big one for us small businesses as establishing any such deal with independent EU states would be a legal fee nightmare far beyond any revenue I/we currently have. Thx and kind regards.

Log In to Comment
10 Answers
asb MOD April 8, 2015

Sorry for the long delay on this, but I'm glad to say that we have updated the privacy policy to reflect that we are indeed Safe Harbor compliant. We had been in the process of completing a full third-party audit. This has now been completed, and our status has been update on export.gov to reflect this:

https://safeharbor.export.gov/companyinfo.aspx?id=27566

Reply
IDESIGNSTUDIO March 22, 2016

We need an update on this.
The USA-EU Safe Harbor policy was declared “invalid” by the European Commission. At the moment, there is a EU-U.S. Privacy Shield, which is again as good as 0 in front of the EU.

In the International Data Transfers section (https://www.digitalocean.com/legal/privacy/) is stated the above:
"By agreeing to the Privacy Policy, you consent to the transfer of your Personal Information for the purposes described in the Privacy Policy. You have the right to withdraw your consent at any time, but please note that if you do not consent to the transfer or if you withdraw your consent, you may not be able to benefit from all or some of our services."

May you please let us know which services we will not be able to benefit from when we take the step to withdraw our consent?

Thanks!

Reply
asb MOD December 19, 2014

Hi,

We have updated our Privacy Policy to reflect this. We realize how important this is to some of our customers, and we are currently working through a full 3rd party audit to ensure we are complying with all international Safe Harbor certification requirements. We plan to have completed this process and to update our Privacy Policy updated with verification of our certification as soon as possible.

Reply
manueldl February 2, 2015

Last answer I got from you, several weeks ago, you told us that DigitalOcean would meet safe harbor list on 31st january. However, your current state is still NotCurrent.

What's up? What is the forecast?

Reply
manueldl February 2, 2015

We can no longer keep working with a company not meeting such requirements...

Reply
tomuk5 February 14, 2015

please confirm your status for compliance on the US-EU safe harbor list:

http://safeharbor.export.gov/companyinfo.aspx?id=18129

Digital Ocean is still not compliant

Reply
itadmin377614 March 4, 2015

What is the status of this?

If DigitalOcean doesn't meet US-EU safe harbor agreement, we will be forced to change provider by the end of March

Thanks

Reply
artsi March 13, 2015

Since Digital Ocean fails to comply with this unfortunately I'm forced to choose another server provider for my new business. I can't provide all the necessary services to European customers as it is now.

Reply
tempo March 30, 2015

Can't update this? We would like to work with yours, but you will have to accomplish such requirement. Please, can you post an update?

Reply
tomuk5 April 10, 2015
[deleted]
Reply
Have another answer? Share your knowledge.