Not only since the introduction of the Data Protection Basic Regulation (GDPR) has the topic of data protection regularly been the focus of attention in Germany. In an international comparison, Germany is one of the pioneers when it comes to data protection. The quality seal “Made in Germany” also plays a role in the choice of cloud environments. The customer wants the German cloud, and with good reason.

US government vs. Germany: Cloud services in an international comparison

Anyone who has found the right provider for a cloud solution, or even free cloud storage, floats in colloquial German on “Wolke 7” and in colloquial English on “cloud 9”. However, it is very unlikely that the inventors of these idioms thought of a computer center or online storage.

In addition to the linguistic nuances, there are of course other differences between American and German cloud providers that the customer should consider when looking for an optimized data center. The key words here are data protection. Just think of the NSA affair!

3 Reasons for the German Cloud

  • Access by unauthorised third parties: If you want to access data without authorization, you will probably not be impressed by the applicable data protection regulations. With the GDPR, however, the responsibility for data protection clearly lies with cloud providers, who have once again strengthened their data protection regulations in Germany. Providers like TeamDrive therefore rely on end-to-end encryption with AES 256-bit, the world’s most secure method.

  • Access by the cloud provider: Especially in comparison with European case law, the American data protection regulations are quite loose. The famous “small print” therefore also contains clauses for some US providers, which allow the company to evaluate the uploaded data, for example, to optimize the offer or to display advertising. In particular, free offers from American operators are often very questionable in terms of confidentiality and the protection of personal data. The passing on of e-mail addresses, contacts or the content analysis and evaluation of stored data is often carried out without sufficiently informing the customer.

  • Access by the state: In Germany, the strict data protection regulations also apply to access by the state. In the USA it looks different. Non US-citizens do not enjoy any data protection rights. With jurisdictions such as the “Patriot Act” and the “Cloud Act”, American authorities and secret services can access personal data and thus undermine the strict European data protection laws.

A simple example shows how American and German case law differ when it comes to data protection. The American “Cloud Act” prohibits the disclosure of data to affected parties, while the German GDPR contains the obligation to provide information. In the German cloud, the customer is king.

Personal data is not sufficiently protected in the USA

According to a ruling of the European Court of Justice, the personal data of European users are not sufficiently protected in the USA. Although the European-American “Privacy Shield” agreement is intended to guarantee a GDPR-compliant transfer of personal data from European users to US American companies, it is questioned by data protection groups. This criticism is a clear argument for the use of a cloud that is not controlled by an American company.

In case you use a cloud from a non-EU company, your own application or service should provide end-to-end encryption and the keys of long length (AES-256) should be exclusively yours.

These cloud storage services use the server location Germany

Due to the problems discussed above, more and more American cloud services are also offering an optional server location in Germany. For example, business customers of the American provider Dropbox or Box can decide to store their own data on special servers in Germany, but this service is not offered to private customers in the public cloud. The problem of American law, to which service providers are subject to, applies to all users.

Thus, these services neglect the second aspect: the legal domicile of the company. Only cloud storage that has both its company headquarters and its server location in Germany is fully subject to the strict European and German data protection regulations. Unlike Dropbox, Microsoft or Google, TeamDrive does not only have its headquarters in Germany, but also uses Germany as its server location. This guarantees GDPR-compliant data processing.

For every data storage in the cloud, it is equally true that only end-to-end encryption makes it impossible for the service provider to view the data entrusted to him. A malfunction or break-in in the cloud service will then have no disastrous consequences. With the TeamDrive cloud service, all data is always automatically encrypted end-to-end. TeamDrive, thus, offers its users the highest possible level of security and confidentiality.