Some Companies Don't Push Back
While Amazon, Google, and Microsoft all have legal teams who regularly push back against warrants and court orders that are overly broad or exceed the authority of the requester, there are many SaaS companies that make no such public promises and that don’t publish transparency reports.
[Read more about this in our blog How SaaS Companies Avoid Compelled Access With Encryption.]
That's Why Holding EU Data Is Tricky These Days
EU citizens have a right to privacy stemming from their Charter of Fundamental Rights. The issue is that the US government can secretly view the personal data of EU citizens if the data is held by US companies (regardless of where the servers sit). And the process of getting that data follows US law, which doesn't give EU citizens the protections guaranteed in their Charter.
In short, US officials can compel access to this data, and there’s little EU citizens can do about it.
Technical Solutions That Protect Personal Data
So what can you do about it? There are three solutions we recommend for US companies that hold EU citizen data:
- Zero-trust and End-to-end Encryption
- Trust-but-verify and Customer Held Encryption Keys
- Cryptography Based Access Control
Read more about each technical solution at the bottom of our Privacy Shield blog.