In October of 2015, the European Court of Justice (ECJ) made a landmark ruling regarding the fundamental law and framework governing the data protection standards for European citizens – they struck down Safe Harbor. This was a landmark and bombshell moment for Software-as-a-Service (SaaS) companies who operate from the United States – in fact, it was a ruling that put almost all trans-national cloud companies at risk. This includes Facebook, Amazon, and almost all the cloud-based services that operate out of the United States.
What is Safe Harbor:
The Safe Harbor agreement allowed companies in the United States to transfer European citizens’ data to America, provided where it was being sent to had privacy protections that met EU standards.
It allowed companies to carry out a self-certification process, promising to protect EU data stored on U.S. soil. The agreement is key for thousands of companies operating in the EU and worldwide.
QuestionPro & Safe Harbor
QuestionPro has clients globally, including Europe – which means we (and our clients) are definitely impacted by this ruling. The good news is that we were already working on a solution for some of our larger enterprise clients to provide a mechanism for the survey and response data to be stored in Europe.
While the Safe Harbor ruling by the ECJ did surprise us – it also accelerated our plans for opening up the data-center in Europe, thus ensuring data security. We also took this opportunity to see if there were other areas we should consider – and Canada came up in the discussions with many of our key clients.
Distributed Data-Centers:
We’re pleased to announce that we now have the option for our customers to choose where data is collected and housed. In addition to our US datacenter, we now have datacenters in Toronto, Canada and in Amsterdam, Netherlands. This gives our client’s a global reach and legal options on where data is collected and stored.
Data Migration:
If existing customers need to migrate their data to the EU or the CA data-center, we can enable that as well. Because of the extra work involved, we are currently only providing this option to our enterprise clients and there will be a one-time migration fee associated with this move. Alternatively, we are also providing our enterprise clients with an option to sunset data that is stored in the US. We will then move all future data-collection into other datacenters.
Asia PAC / Singapore:
Our next project is to expand infrastructure and will include Asia-Pacific. Specifically, we are looking at Singapore and Australia to be our next targets. We aim to have a datacenter in at least one location by Q2 of this year.
Technical Challenge:
Next week, I will follow up on the technical aspects of our multi-datacenter strategy. Our key technical challenge is to ensure that the entire system is seamless for all customers, regardless of location. This will ensure that users and visitors of the QuestionPro website are also redirected to the correct datacenter.
As evidenced by the recent Apple / FBI spat over privacy regulations and balancing that with law enforcement is evolving as we speak. Our goal is to adapt and evolve as the regulations around us also change – with the change in perception and laws.
