Why do we choose not to use American cloud providers?
Choosing a cloud provider is more than just a technical consideration. It involves issues of security and privacy. At Hailey, we have consciously decided to use only European cloud providers with hosting in Europe (Netherlands & Finland). But why have we made this decision, and what does it really mean?
American Authorities Can Request Your Data
For American cloud providers (even those with data centers in Europe), U.S. legislation applies. The Patriot Act, Cloud Act, and FISA 702 mean that U.S. authorities, such as the CIA and FBI, have the right to request data without suspicion of crime. And because there is a duty of confidentiality, they are not required to inform the individuals or companies involved.
The Pitfalls in Data Transfer Agreements Between the EU and USA
The EU and USA have tried to find solutions through various agreements, such as Safe Harbour and Privacy Shield. Both agreements were invalidated by the European Court of Justice because they could not guarantee sufficient protection for the personal data of European citizens.
A new agreement is in place, but it is still a political arrangement and not legally binding. When this agreement is reviewed by the European Court of Justice (which is very likely to happen within a few years), we could once again find ourselves in a situation where data transfer to the USA becomes illegal.
Serious Consequences for Businesses and Individuals
Using an American cloud provider can have significant consequences, not just for your company, which may have to deal with the hassle of switching HR system providers because of the cloud services they rely on, but also for the privacy of the individuals working for you. When you handle sensitive data like HR information, American authorities can use it in ways we cannot control.
For example, American authorities may engage in:
- Profiling: The data can be used to build profiles of individuals or groups based on their behaviors, preferences, and social networks, which could lead to discrimination.
- Sharing with Third Parties: The information can be shared with other agencies, organizations, and even foreign governments without any transparency.
- Economic Espionage: Economic data can be used for economic espionage or to provide insider information to American companies.
- Influence Campaigns: Personal data can be used to conduct targeted influence campaigns, such as political propaganda or disinformation.
Leaks can also lead to legal problems back in Europe, where data protection laws are stricter. Additionally, judgments (like the Schrems II decision, which invalidated the previous agreement) could lead to sanctions for companies.
Hailey Chooses European Cloud Providers
At Hailey, we place great importance on ensuring top-level data security and being 100% GDPR-compliant. Therefore, we exclusively choose European-owned data centers with hosting in Europe as our cloud providers. We do this to avoid data risks and ensure that our customers' data is protected according to the highest standards. Our customers' data never leaves European borders and is always covered by the EU's stringent legislation. It is a decision we are proud of.
Read more about how we work with security & GDPR at Hailey
One of the reasons we founded Hailey was to offer an HR platform that meets high security standards and legal requirements. Storage policies are applied to all employee data, helping you to automatically purge data and comply with GDPR. To ensure legal compliance, we do not store any data with American providers.