Question

Will DigitalOcean follow Twitters example in protecting EU customers?

Posted April 29, 2015 2.9k views
Security DigitalOcean

Twitter setup a new independant branch located in Ireland so the NSA can’t threaten them in court to reveal EU customer data. I think I may reopen my twitter account again :)

If you live outside the United States, our services are now provided to you by Twitter International Company, our company based in Dublin, Ireland. Twitter International Company will be responsible for handling your account information under Irish privacy and data protection law, which is based on the European Union’s Data Protection Directive.

Regarding the high sensitivity of running private mail servers and such on DO droplets, I ask myself if DO is considering (now or in the near future) a separate branch to protect it’s EU customers.

Of course there won’t be any internal discussion based on “because we care” but there is a thing called “because it pays” - which board members usually agree with. As an example - right now I can’t offer DO products to my german business clients because DO is a US company. Therefore I have to select the more expensive EU cloud providers - who profit heavily from everybodies fear of the NSA.

Add a comment
screenwatcher
By:
screenwatcher
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

4 answers
ryanpq April 29, 2015

We will soon be publishing a Privacy specific FAQ which will address many questions related to official requests for data. Right now we have no plans to open a subsidiary outside the US.

One thing to note is that unlike with twitter, you control all data you place on your droplets and can choose to encrypt sensitive data.

Reply Report
  • screenwatcher April 29, 2015

    OK, to be fair anything posted on twitter is not private anyway. So with that in mind I would never post anything I’m not comfortable with for anyone to see. The only thing I worry about is the collection of location data when using their service.

    Coming back to DO - I appreciate the effort to educate your customers about privacy concerns - maybe you could compliment this FAQ with a some tutorials on how to fully encrypt stored emails on a mail server (e.g. with iredmail)?

    Reply Report
  • ryanpq April 29, 2015

    That’s an excellent suggestion and I’ll pass it along to our editorial team. A quick search of our tutorials found this one on creating an encrypted volume on Ubuntu which may be helpful.

    How To Use DM-Crypt to Create an Encrypted Volume on an Ubuntu VPS
    by Justin Ellingwood
    Encrypting your data is a great way to ensure that nobody will have access to your sensitive information if they ever get access to your server. There are many possible uses for this, such as making it easier to decommission servers with sensitive data, storing uncommonly accessed but important files, etc. In this guide, we will discuss how to use dm-crypt to create create an encrypted volume out of a regular empty file.
    Reply Report
screenwatcher April 29, 2015

That is very helpful indeed.
Thanks again for your great support Ryan!
You always have some useful links up your sleeve ;)

Reply Report
screenwatcher May 3, 2015

More & more big companies seem to wake up and change their business model.

Today Dropbox joins Twitter in the fight for customers privacy.

If you’re a user living outside of North America (U.S., Canada, Mexico), we’re updating our Terms of Service to better serve you and the growing number of Dropbox users around the world. These changes include the fact that we’ll be providing our services (including Dropbox, Dropbox for Business, Carousel, and Mailbox) to you via *Dropbox Ireland* starting on June 1, 2015.*

Reply Report
IDESIGNSTUDIO March 22, 2016

I am curious to get an update on this too. Just started testing DO and ServerPilot and the performance results are great, but it looks like the EU data protection laws might not make this one possible in a long term.

If we face the choice between 1) to be brought in front of the court by some of our clients or concurrence because we do not apply with the EU data protection laws by using EU data center owned by US company (+ agreeing on information transfer to US (by accepting the DO policy)), and 2) be completely protected by using a server provider registered in EU, guess which one we MUST choose.

Of course, we should inform our customers about the privacy and if they agree to our service, then their data can travel to US and loose its privacy protection, but can you imagine how they will embrace that!

I think DO should reconsider its European Market very well very soon. EU will not step back and the EU privacy laws will get reinforced and really applied. It always starts with the big companies/corporations but in a long term is affecting the market where the small companies and individuals come to play. At the end of the day, nobody would want to go to jail, we will just switch the server provider.

Curious to hear some more user thoughts on this and even comments from DO.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help