How about USA-EU Safe Harbor policy?

December 10, 2014 4.8k views

I've just had a look on your status on US-EU Safe Harbor list and it seems to be as Not Current (

For us as your customers it is crucial you to be enlisted with 'Current' status at such list. Otherwise, we can not meet the requirements of European legislation on personal data protection.

You should have updated your registration on the Safe Harbor list on october. Additionally, such a change does vary the terms of service. Are you planning to update your status on such frame? When?

  • With Safe Harbor having been invalidated in court it would be interesting what model DO is using dealing with private information on EU websites hosted at DO servers outside and inside the EU. See

  • It is imperative that DO find and create a viable solution to this policy asap as EU Safe Harbor as been ruled obsolete as mentioned in the Wordfence article posted by user @jasper. RE DO's current policy, "DigitalOcean complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries and Switzerland. DigitalOcean has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DigitalOcean's certification, please visit" found here:

    The policy by AWS mentioned in the article by Wordfence seems to be the only approach barring fully encrypting every VPS/rack. I know DO is doing everything it can to come up with a sustainable solution as I have incoming clients from the EU that I'd like to service using my favorite hosting provider in the history of every continent. ;-) DO staff; please update this thread with any info you can asap. This is a big one for us small businesses as establishing any such deal with independent EU states would be a legal fee nightmare far beyond any revenue I/we currently have. Thx and kind regards.

10 Answers

Sorry for the long delay on this, but I'm glad to say that we have updated the privacy policy to reflect that we are indeed Safe Harbor compliant. We had been in the process of completing a full third-party audit. This has now been completed, and our status has been update on to reflect this:


We have updated our Privacy Policy to reflect this. We realize how important this is to some of our customers, and we are currently working through a full 3rd party audit to ensure we are complying with all international Safe Harbor certification requirements. We plan to have completed this process and to update our Privacy Policy updated with verification of our certification as soon as possible.

Last answer I got from you, several weeks ago, you told us that DigitalOcean would meet safe harbor list on 31st january. However, your current state is still NotCurrent.

What's up? What is the forecast?

We can no longer keep working with a company not meeting such requirements...

please confirm your status for compliance on the US-EU safe harbor list:

Digital Ocean is still not compliant

What is the status of this?

If DigitalOcean doesn't meet US-EU safe harbor agreement, we will be forced to change provider by the end of March


Since Digital Ocean fails to comply with this unfortunately I'm forced to choose another server provider for my new business. I can't provide all the necessary services to European customers as it is now.

Can't update this? We would like to work with yours, but you will have to accomplish such requirement. Please, can you post an update?

We need an update on this.
The USA-EU Safe Harbor policy was declared “invalid” by the European Commission. At the moment, there is a EU-U.S. Privacy Shield, which is again as good as 0 in front of the EU.

In the International Data Transfers section ( is stated the above:
"By agreeing to the Privacy Policy, you consent to the transfer of your Personal Information for the purposes described in the Privacy Policy. You have the right to withdraw your consent at any time, but please note that if you do not consent to the transfer or if you withdraw your consent, you may not be able to benefit from all or some of our services."

May you please let us know which services we will not be able to benefit from when we take the step to withdraw our consent?


Have another answer? Share your knowledge.