numeric-sovereignty.org

Your journey towards numeric sovereignty starts here!

Why worry about data stored outside Europe?

Mass surveillance

In the United States (and indeed elsewhere), there are laws such as the Patriot Act (in force since 2001), the FISA Amendments Act (in force since 2008), and more recently the CLOUD Act (in force since 2018) which allow the US government to access data stored by US companies without a court order, even if that data belongs to foreign nationals.

This means that if your emails pass through US MX servers (Gmail, Outlook, Amazon, etc.), US agencies (the NSA, the FBI) can legally access them without informing you and with complete impunity.

In this case, it is not a question of whether or not you have something to hide. Everyone has a right to privacy, and their data should not be exploited.

Jurisdiction and data sovereignty

Data stored in the United States is subject to US jurisdiction, even if you are European. This therefore raises a problem regarding numeric sovereignty:

  • Your data may be transferred to the US authorities upon request.
  • US companies are required to cooperate with the intelligence services (e.g. PRISM).
  • The European General Data Protection Regulation (GDPR) has no bearing on this data.

In 2020, the Court of Justice of the European Union invalidated the Privacy Shield (the EU-US data transfer agreement) on these grounds, confirming that the United States does not ensure an adequate level of protection.

Practical examples

Several scandals have revealed the extent of the surveillance:

  • PRISM (2013): An NSA programme enabling access to user data from Google, Microsoft, Apple, etc. (Source: Edward Snowden’s revelations)
  • Microsoft (2020): Has admitted to passing on European users’ data to the US authorities, despite the GDPR.
  • Amazon Web Services (AWS): Used by many European companies, but subject to US law.

Even seemingly ‘harmless’ tools such as MX records (mail servers) can expose your communications to this surveillance if they are hosted in the United States.

What can you do to protect your data?

Fortunately, there are alternatives:

  • Choose European hosting providers:
    • OVH (France), Infomaniak (Switzerland), Hetzner (Germany) and many others.
    • Avoid AWS (Amazon), Google Cloud, Microsoft Azure, etc. for sensitive data.
  • Check MX records: Use this tool to find out whether your emails are routed through US servers (such as Gmail or Outlook).
  • Encrypt your emails: Use services such as ProtonMail (Switzerland) or Tutanota (Germany) for end-to-end encryption.
  • Raise awareness among those around you: Many people and businesses are unaware that their data is at risk!
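
The MX check in the list above can also be done by hand. The sketch below is an added example, not this site's tool: it parses `dig +short MX` output and flags records operated by a US company. The suffix table and the sample records are constructed assumptions, not an exhaustive list.

```python
# Operator suffixes: illustrative and non-exhaustive (assumption); extend for your own review.
# The country is the operator's home jurisdiction, not the physical server location.
OPERATORS = {
    "google.com": ("Google", "US"),
    "googlemail.com": ("Google", "US"),
    "outlook.com": ("Microsoft", "US"),
    "amazonaws.com": ("Amazon", "US"),
    "ovh.net": ("OVH", "FR"),
    "infomaniak.ch": ("Infomaniak", "CH"),
    "protonmail.ch": ("Proton", "CH"),
    "tutanota.de": ("Tutanota", "DE"),
}

# Constructed sample of `dig +short MX <domain>` output (not real data).
SAMPLE = """\
20 mx1.mail.ovh.net.
10 example-org.mail.protection.outlook.com.
;; a stray comment line
30 mx.example.net.
"""

def parse_mx(dig_output):
    """Return (preference, host) pairs, lowest preference (tried first) first."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blanks, comments and malformed lines
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def operator_of(host):
    """Match whole DNS labels only, so 'notgoogle.com' is not taken for 'google.com'."""
    for suffix, info in OPERATORS.items():
        if host == suffix or host.endswith("." + suffix):
            return info
    return ("unknown", "unknown")

def audit(dig_output):
    rows = [(pref, host) + operator_of(host) for pref, host in parse_mx(dig_output)]
    return {
        "rows": rows,
        # Any listed MX can receive mail (fallback), so one US operator is enough.
        "us_routed": any(country == "US" for *_, country in rows),
        "unknown": [host for _, host, op, _ in rows if op == "unknown"],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts reported as `unknown` need a manual look: a custom MX name can still point at infrastructure run by one of the providers above.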

Sources: Court of Justice of the European Union (2020), Edward Snowden’s revelations (2013), EFF reports.
Electronic Frontier Foundation | European Digital Rights