Comment by Vespasian
3 years ago
As I read it the issue is that the American HQ can order their European subsidiary to provide the data.
Hetzner US does not have a European subsidary and therefore cannot violate GDPR (assuming US personal can't access EU customer data).
Hetzner HQ is in Germany and is not allowed to enforce the CLOUD Act outside the US
That could also be correct.
But if I was under legal/contractual obligations, with Hetzner as my hosting provider, I would have their legal department confirm this.
Since Hetzner found the need for appending the paragraph I referenced, they must have become aware of something.
True.
Now that they are entangled with US law there might be an incentive to be as a cooperative as possible.
Yet, Hetzner is still a "better" option (with regards to data protection) than any of the big US-based cloud providers.
Not sure I follow, in what way are they better?
Imho, as soon as you do business with the US or trade in US Dollars, you need to play nice with the relevant authorities.
If I understood it correctly, Hetzner is now "infected" in the same way as the three US cloud providers are. The Schrems II verdict and Cloud ACT basically concludes that no European company can exist in the US and vice versa without having to deal with the same pesky legislation.
An alternative could of course be that Hetzner created a new US based company where the EU parent Hetzner company only holds a minority ownership in the new US-based company. The EU based parent company in turn then "sells" its technology to the new US company. This way, the arrangement becomes more reminiscent of how IBM has sold its mainframe to European companies...
3 replies →