Will DigitalOcean follow Twitter's example in protecting EU customers?

April 29, 2015 2k views
DigitalOcean Security

Twitter set up a new independent branch located in Ireland so the NSA can't threaten them in court to reveal EU customer data. I think I may reopen my Twitter account again :)

If you live outside the United States, our services are now provided to you by Twitter International Company, our company based in Dublin, Ireland. Twitter International Company will be responsible for handling your account information under Irish privacy and data protection law, which is based on the European Union’s Data Protection Directive.

Regarding the high sensitivity of running private mail servers and such on DO droplets, I ask myself if DO is considering (now or in the near future) a separate branch to protect its EU customers.

Of course there won't be any internal discussion based on "because we care" but there is a thing called "because it pays" - which board members usually agree with. As an example - right now I can't offer DO products to my German business clients because DO is a US company. Therefore I have to select the more expensive EU cloud providers - who profit heavily from everybody's fear of the NSA.

4 Answers

We will soon be publishing a Privacy specific FAQ which will address many questions related to official requests for data. Right now we have no plans to open a subsidiary outside the US.

One thing to note is that unlike with Twitter, you control all data you place on your droplets and can choose to encrypt sensitive data.

  • OK, to be fair anything posted on Twitter is not private anyway. So with that in mind I would never post anything I'm not comfortable with for anyone to see. The only thing I worry about is the collection of location data when using their service.

    Coming back to DO - I appreciate the effort to educate your customers about privacy concerns - maybe you could complement this FAQ with some tutorials on how to fully encrypt stored emails on a mail server (e.g. with iredmail)?

  • That's an excellent suggestion and I'll pass it along to our editorial team. A quick search of our tutorials found this one on creating an encrypted volume on Ubuntu which may be helpful.

    by Justin Ellingwood
    Encrypting your data is a great way to ensure that nobody will have access to your sensitive information if they ever get access to your server. There are many possible uses for this, such as making it easier to decommission servers with sensitive data, storing uncommonly accessed but important files, etc. In this guide, we will discuss how to use dm-crypt to create an encrypted volume out of a regular empty file.

That is very helpful indeed.
Thanks again for your great support Ryan!
You always have some useful links up your sleeve ;)

More & more big companies seem to wake up and change their business model.

Today Dropbox joins Twitter in the fight for customers' privacy.

If you're a user living outside of North America (U.S., Canada, Mexico), we're updating our Terms of Service to better serve you and the growing number of Dropbox users around the world. These changes include the fact that we'll be providing our services (including Dropbox, Dropbox for Business, Carousel, and Mailbox) to you via Dropbox Ireland starting on June 1, 2015.

I am curious to get an update on this too. Just started testing DO and ServerPilot and the performance results are great, but it looks like the EU data protection laws might not make this one possible in the long term.

If we face the choice between 1) being brought in front of the court by some of our clients or competitors because we do not comply with the EU data protection laws by using an EU data center owned by a US company (+ agreeing to information transfer to the US by accepting the DO policy), and 2) being completely protected by using a server provider registered in the EU, guess which one we MUST choose.

Of course, we should inform our customers about the privacy and if they agree to our service, then their data can travel to the US and lose its privacy protection, but can you imagine how they will embrace that!

I think DO should reconsider its European market very well very soon. The EU will not step back and the EU privacy laws will get reinforced and really applied. It always starts with the big companies/corporations but in the long term it affects the market where the small companies and individuals come to play. At the end of the day, nobody would want to go to jail, we will just switch the server provider.

Curious to hear some more user thoughts on this and even comments from DO.
