Linode Safe Harbor Certification

July 14, 2009 10:27 am

On June 19, 2009 we finalized the self-certification process and Department of Commerce registration for the U.S./EU Safe Harbor program. Essentially, this program is designed to provide a high level of assurance that U.S.-based organizations meet EU standards for strong privacy protection and the proper handling of personal information. Our commitment to transparency and responsibility in the ways we collect and use our customers’ personal information is spelled out in our new privacy policy.

14 Responses

  1. Does this mean you installed a carnivore system to monitor all of us customers? Will the Department of Homeland Security get a copy of all our email now?

  2. It’s nice to see that companies are starting to use this. Great job, Linode!

  3. @Scott, Safe Harbor List has nothing to do with carnivore systems.

    @pparadis, that’s great news for your European clients.

    Just for curiosity’s sake, what’s your answer for this Safe Harbor question:
    Do you agree to cooperate and comply with the European Data Protection Authorities?

  4. Great work Phil. I am *green* with envy.

  5. As a European, I very much welcome this, yet another reason to choose Linode!

  6. I started reading those crappy regulations of Safe Harbor Certification and this is pretty scary in terms of BS. One way or another, this will translate into less competition, less freedom and more authoritarian control by government people.
    What are the consequences for the data on my linodes? I am still unclear about that.
    In any case, Linode is really good. I highly recommend it and with the kind of government we have today, there is not much choice but to comply.

  7. Does this mean there are some European servers on their way?

  8. I’d like to take this opportunity to address a few of the questions raised here.

    (1) No, we’re not logging your email and sending it to the government. Safe Harbor has nothing to do with such programs.

    (2) Referencing the inquiry regarding the European Data Protection Authorities, that specific requirement exists if someone is covering human resources data under the program. As we are not, we do not need to agree to this.

    (3) To address JRC’s concerns, the purpose of the program is to provide a framework under which privacy protection regulations may be agreed upon by both U.S. and EU entities. The framework is specifically designed to provide a high level of assurance that participating organizations respect EU standards for privacy, without the governmental reporting burdens imposed on EU-based organizations. Participating U.S. organizations agree to mediation by an approved third party in case of disputes.

    There are no consequences for customer data on Linodes; customers are not covered under the Safe Harbor framework in their own right merely by hosting with us. However, they are assured that we are treating their personal information with the respect expected of an organization that believes in strict privacy protections.

    Thanks for the feedback, everyone!

  9. Will you actively refuse the government data if they demand it?

  10. As a European service provider, we are obligated to inform our European customers about their customer information (name, address etc.) being stored on the servers outside the EU, in the United States.

    We need to take care of the authority reporting ourselves as to what kind of information we store and what is the purpose of storing that information. We do not need to deliver the actual data to the government.

    With the Safe Harbor certification, I assume that we can trust that if the need arises (hardware failures etc.) the Linode stored information is treated according to the privacy protection laws of the EU (i.e. not sold to third parties, broken hard drives are destroyed with providers following EU Safe Harbor regulations and the data cannot be recovered by entities hostile to EU).

  11. Participation in the Safe Harbor program does not mean we can refuse to provide data to government authorities who produce a valid subpoena or warrant.

  12. In accordance with our privacy policy, we do not sell any customer information to third parties. Hard drives are destroyed at a facility that meets or exceeds industry and government standards for assured data destruction.

  13. I’m very happy to see that my Linode server conforms to my country’s legislation, because I’m from the EU 🙂

    Now I can do business without worrying about EU hosting policies.

    Keep up the good work!! 😀

  14. If your servers are safe harbor certified, do we still need certification as a company and for our unique server accounts and configurations? Or do you have us covered?
