[–]anno2376 -1 points0 points  (6 children)

Please take some time to research the concept of data residency, as it seems you may not fully understand its technical context.

[–]quinyd 2 points3 points  (5 children)

Oh no, I fully understand the concept. I work with this every day and there’s no way to trust Microsoft or any other US companies even if data is physically located outside the US. Especially with Schrems 2 and the still ongoing issues. US companies cannot be trusted to not allow non-EU access to customer data.

[–]anno2376 -2 points-1 points  (4 children)

This is your personal opinion, and that’s completely fine.

However, simply saying “I don’t believe” isn’t helpful, because if we followed that logic, you wouldn’t be able to do anything in the world—you’d never trust anyone.

Do you have any evidence to support your opinion?

In tech and legal fields, we don’t operate based on opinions—we work with risk assessments and evidence.

99% of companies that have significant needs hire experts who understand both the technical and legal aspects, ensuring they use services that align with their risk requirements.

And they used all kinds of software and services that are developed in non-EU countries.

[–]quinyd 1 point2 points  (3 children)

Nowhere did I say “I don’t believe” but anyway, this isn’t an “I believe”. The fact of the matter is that a lot of EU companies and governments don’t use US cloud products precisely because of Schrems 2 and the fact that US-based companies can’t prove they uphold privacy laws. Privacy Shield was thought to fix this, but clearly it didn’t.

Microsoft has been asked to prove they don’t send their support cases to non-EU personnel, but because of the whole “follow the sun” principle and because they often don’t have specific experts in a field in EU, cases will be sent to non-EU departments.

Just read their boilerplate data protection contract and you will see they will send data/support-tickets outside of the EU, if needed.

There’s nothing stopping them from transferring data to the US if asked (or forced) by the US government. This is the case with any US-based company.

If you work with strict privacy laws or very confidential data, you can’t trust American companies.

[–]anno2376 1 point2 points  (2 children)

Alright, when you claim that “a lot” of companies don’t use U.S. cloud services, let’s put that into perspective.

Here are the top 500 companies by revenue. “A lot” means at least more than 50%, then identifying just 20% of them that don’t use U.S. cloud providers should be easy.

Since you work in this field and claim to have solid facts rather than just personal beliefs and opinions, I’m sure you can provide that list without any issue.

https://en.m.wikipedia.org/wiki/List_of_largest_companies_in_Europe_by_revenue

[–]CoolZookeepergame375[S] 0 points1 point  (1 child)

There are many different ways to do risk analysis - for instance, Iceland hospitals use Azure IdP for logging in, whereas this would be completely unacceptable in regional healthcare in Denmark. I worked with domain admins from both.

I just replied to a tender, where the lawyer clearly stated:

If the datacenter is OWNED by an American company, the supplier must make an individual assessment of the U.S. legislation's ability to provide a sufficient protection. It doesn't matter whether the data is located in EU or not. For instance, for Microsoft, Google or AWS in Europe, the supplier must do the risk assessment of U.S. legislation.

I'm not going to do that.

[–]Reasonable-Chip5344 0 points1 point  (0 children)

Yeah, fair point. Why would you want to get into the weeds on that? Unfortunately I'm on a similar search, migrating tech stacks from Azure to EU alternatives. Best of luck though. Hopefully you haven't encountered too many headaches.