Comment by q-base

3 years ago

To the best of my knowledge, this is already too late. I remember reading through their FAQ and seeing that, since they now have a US-based owner, they are within reach of US 3-letter agencies.

Hetzner Online GmbH and Hetzner Cloud GmbH are fully owned (resp. majority-owned) by ENSoXX Holding AG of which Martin Hetzner is the CEO and which seems to be the parent company[0]. I cannot find any indication in the publicly available documents that any US company (or any other company for that matter) holds more than a 25% share in ENSoXX Holding AG. (25% is the reporting threshold.)

In the 2022 annual financial statement they do mention expanding to the US, though they don't go into the legal details. As the link posted in the cousin comment mentions, though:

> Hetzner US LLC, as a subsidiary of Hetzner Online GmbH, provides data center services within the USA for the parent company, Hetzner Online.[2]

So there is no US owner.

[0]: https://www.northdata.de/Hetzner+Online+GmbH,+Gunzenhausen/A...

[1]: https://www.unternehmensregister.de/ (enter "ENSoXX Holding AG" in the text field)

[2]: https://docs.hetzner.com/general/general-terms-and-condition...

  • Quite impressive the numbers they're doing

    78M profit on 290M revenue

    (See [0] above)

    _ edited figures _

    • They also distributed some 50M EUR to employees and management

      a friend of mine told me some support staff got 20k EUR in bonuses last year because of that

      probably they figured out it's easier to give some of the profits away than pay a higher tax

I can't find any info that they are owned by a US company. Can you link to a source?

  • From here: https://docs.hetzner.com/general/general-terms-and-condition...

    Conclusion:

    In summary, you as a customer do have influence - to a certain extent - on shaping who has access to the data on your servers. EU and US authorities do have to follow the laws and legal procedures in requesting data. However, this may give you a false sense of security since some authorities have been known to stretch or violate agreements. If you require a web hosting company that has absolutely no connections to the USA, then unfortunately, we may no longer be the best choice for you. Since Hetzner US LLC is part of the Hetzner Group, there certainly is a connection. We hope that we have explained things clearly from our point of view using the two above case studies.

    • Ok, but: "US authorities do not have direct access to your server or its content in the EU. US authorities have to comply with the regulations of the EU legislation."

      So, because Hetzner is not owned by a US company, stuff like the CLOUD Act doesn't apply to them. So, if you have a contract with the German entity of Hetzner and use a German server, you should be fine in terms of GDPR.

    • The way I read that is:

      Hetzner Europe is owned by Hetzner Group, a German company. Hetzner US is also owned by that German company. Hetzner Europe isn't owned by a US company, it's just a sibling to one.

  • Hetzner is owned by a holding company owned by Ensoxx and Ensoxx is Martin Hetzner's company as far as I can tell.

    • That seems to be correct. My understanding (IANAL) of Schrems II is that the problem exists when an EU datacenter is under the direct or indirect control of a US company. Indirect in this case meaning operated by an EU company that is the subsidiary of a US company, as is the case with AWS, Google and Microsoft.

      Since the EU datacenters seem to be operated by EU companies and the US company is merely a sibling subsidiary of Ensoxx, which itself is also an EU company, this should provide sufficient isolation to prevent interference from US agencies short of direct sabotage or espionage (since the EU staff is not in the chain of command of the US company).

      So for a definitive answer you probably want your lawyers to talk to Hetzner's lawyers but at face value this is at least miles ahead of any US-based cloud provider, which in all honesty is still the default solution for most EU-based companies despite this ruling.