Comment by Fnoord
12 days ago
Who is 'we'? Which data are you referring to? (If you mean e.g. Samsung Galaxy with GrapheneOS, by all means.)
We need to consider a few factors.
If you are from EU, and you want GDPR to be enforced, you need to work with countries which follow your local law. The USA is hinting at no longer doing so, since it retaliates with sanctions.
Now, where would you host, and why? Norway seems like an interesting target, since they are very high on renewable energy. Norway isn't part of EU, but part of the EEA. Latency with Asian countries such as South Korea, Japan, and Australia isn't going to be ideal. But if the company behind it is from there, and they have a local presence in Europe, why not? Could even work with proprietary software. FOSS can help here.
Hardware is a difficult target. It is near impossible to avoid China in this regard. And if you do, you often end up with US products. OSHW can help, but it is rather uncommon. We also have a constraint: we need energy efficient in Europe.
Good point... It depends on what I would turn up.
It it's something public/political like a Lemmy/Mastodon instance, I would pick a foreign jurisdiction which is unlikely to enforce something like the UK's OSA or USA and EU sanctions... I don't know where it would be best, some country in the Balkans, maybe?
If it's a service (even commercial) meant to be used only by a few people that I have direct (personal or business) relationships, I'd just ask their preferences (and bias towards the cheapest jurisdiction for hosting).
If it's something B2C, hosting exclusively outside of Europe would probably just make things more difficult to me, so it'd probably be within the EU (Hetzner?)