Skip to main content

Linode Safe Harbor Certification

On June 19, 2009 we finalized the self-certification process and Department of Commerce registration for the U.S./EU Safe Harbor program. Essentially, this program is designed to provide a high level of assurance that U.S.-based organizations meet EU standards for strong privacy protection and the proper handling of personal information. Our commitment to transparency and responsibility in the ways we collect and use our customers’ personal information is spelled out in our new privacy policy.

Comments (14)

  1. Scott Blaydes

    Does this mean you installed a carnivore system to monitor all of us customers? Will the Department of Homeland Security get a copy of all our email now?

  2. SomKen

    It’s nice to see that companies are starting to use this. Great job, Linode!

  3. advocatux

    @Scott, Safe Harbor List has nothing to do with carnivore systems.

    @pparadis, that’s great news for yours european clients.

    Just for curiosity sake, what’s your answer for this Safe Harbor question:
    Do you agree to cooperate and comply with the European Data Protection Authorities?

  4. Yaakov

    Great work Phil. I am *green* with envy.

  5. Neil Grogan

    As a European, I very much welcome this, yet another reason to choose Linode!

  6. JCR

    I started reading those crappy regulation of Safe Harbor Certification and this is pretty scary in terms of BS. One way or another, this will translate into less competition, less freedom and more authoritarian control by government people.
    What are the consequences for the data on my linodes? I am still unclear about that.
    In any case, Linode is really good. I highly recommend it and with the kind of government we have today, there is no much choice but to comply.

  7. Stuart

    Does this mean there some europian servers on their way?

  8. Phil Paradis

    I’d like to take this opportunity to address a few of the questions raised here.

    (1) No, we’re not logging your email and sending it the government. Safe Harbor has nothing to do with such programs.

    (2) Referencing the inquiry regarding the European Data Protection Authorities, that specific requirement exists if someone is covering human resources data under the program. As we are not, we do not need to agree to this.

    (3) To address JRC’s concerns, the purpose of the program is to provide a framework under which privacy protection regulations may be agreed upon by both U.S. and EU entities. The framework is specifically designed to provide a high level of assurance that participating organizations respect EU standards for privacy, without the governmental reporting burdens imposed on EU-based organizations. Participating U.S. organizations agree to mediation by an approved third party in case of disputes.

    There are no consequences for customer data on Linodes; customers are not covered under the Safe Harbor framework in their own right merely by hosting with us. However, they are assured that we are treating their personal information with the respect expected of an organization that believes in strict privacy protections.

    Thanks for the feedback, everyone!

  9. Nicklas W Bjurman

    Will you actively refuse the government data if they demand it?

    • Phil Paradis

      Participation in the Safe Harbor program does not mean we can refuse to provide data to government authorities who produce a valid subpoena or warrant.

  10. Pete

    As an European service provider, we are obligated to inform our European customers for their customer information (name, address etc) being stored on the servers outside the EU, in the United States.

    We need to take care of the authority reporting ourselves as to what kind of information we store and what is the purpose of storing that information. We do not need to deliver the actual data to the government.

    With the Safe Harbor certification, I assume that we can trust that if the need arises (hardware failures etc..) the linode stored information is treated according to the privacy protection laws of the EU (ie. not sold to third parties, broken hard drives are destroyed with providers following EU Safe Harbor regulations and the data can not be recovered by entities hostile to EU)

    • Phil Paradis

      In accordance with our privacy policy, we do not sell any customer information to third parties. Hard drives are destroyed at a facility that meets or exceeds industry and government standards for assured data destruction.

  11. Samuel

    I’m very happy to see that my linode server conforms my country legislation, because I’m from the UE 🙂

    Now I can make bussines without worrying about UE hosting policies.

    Keep on good working!! 😀

  12. Certified

    If your servers are safe harbor certified, do we still need certification as a company and for our unique server accounts and configurations? Or do you have us covered?

Leave a Reply

Your email address will not be published. Required fields are marked *