As a result of the EU-US Privacy Shield framework being declared invalid, storing confidential data on American servers may no longer be considered to offer adequate protection within Europe. Nevertheless, many online services that offer file sharing continue to make direct or indirect use of US-based services, which means that your data may not be stored securely according to European privacy laws. Fortunately, FileSender offers an adequate alternative, making it possible to keep all data under your own control within Europe.
In 2013, Austrian activist Max Schrems was eager to find out why Facebook Ireland was allowed to provide his personal data to Facebook Inc. in California. The Data Protection Authority (DPA) in Ireland decided to submit the question to the European Court of Justice, which ruled that the Safe Harbor agreement of the time was not legally valid.
Schrems II judgment
In 2020, the follow-up Schrems II challenged the acceptance of the US Privacy Shield under GDPR, which aimed to be approved as offering an equivalent level of protection to the European standard via an “adequacy decision”. Although initially accepted, the Schrems II case meant that the Privacy Shield adequacy decision was immediately declared invalid. The European Court of Justice ruled that stricter requirements were needed for transfers to the US.
Understanding where data is held and what processes must be put in place can be complicated for organizations, with services often hosted and data distributed to American companies such as Amazon, Akamai, Microsoft and Google. Many of these providers also have servers in the European Union and can hold data for European citizens on these servers, but ensuring that this is the only place where data is held and can be accessed is a challenge.
Cloud Act
For every cloud provider that is a subsidiary of an American parent company, the US government has access to the data stored therein — this is laid down in the Cloud Act. This applies even if these companies have European offices and store data in Europe. The Schrems II judgment showed that US government agencies may access personal data stored in the United States, regardless of European rules.
Online, there are many services that allow the exchange of files between users. What many users do not know is that many of these services, either directly or indirectly, use the servers of US providers for the (temporary) storage of data. The danger that comes with it, is that US government agencies may be able to see the data, which is not ideal for those working with confidential data.
FileSender
FileSender is an open source web application that organizations can install at no cost. Through FileSender, organizations can offer their users an online service with which they can share their files securely whilst using local storage options. Organizations are completely free in the way they install FileSender in their infrastructure and organizations are able to host FileSender on-premises or in a private cloud in an appropriate data center. This means that they can offer the FileSender service in compliance with the General Data Protection Regulation (GDPR).
Want to know more about the possibilities of FileSender? Read all about FileSender on https://filesender.org/software/ and download the software for free.
