It’s all about ensuring that data stays in the EU
With growing concerns about data privacy and security, the demand for GDPR compliant cloud services that guarantee data remains within EU borders has surged. Merrymake's Danish compute cloud provides a robust solution, ensuring that all data is stored and processed exclusively within the European Union. This commitment to keeping data in the EU not only aligns with GDPR requirements, but also addresses the broader concerns surrounding the EU-U.S. Data Privacy Framework.
If you want to get technical, it all revolves around the European Commission's third adequacy decision in July 2023 and the US Executive Order 14086 (EO 14086), which leaves significant concerns regarding GDPR compliance. The adequacy decision does not provide a legal basis for US cloud providers to disclose EU-based data to US authorities, as it only covers transfers to self-certified US recipients. Furthermore, EO 14086 and the new Data Protection Review Court (DPRC) fail to address fundamental issues with US surveillance laws, such as FISA 702, which conflict with GDPR requirements. These US laws can compel US-based providers to disclose data processed in the EU, violating GDPR principles of data protection and potentially undermining EU data sovereignty. Coupled with current US affairs, the head of The Danish Data Protection Agency (Datatilsynet) recommends Danish (and by extension, European) companies to have a plan ready for leaving the big US clouds.