Hacker News
by hiddenfeatures 4800 days ago
From a legal standpoint: Does this now comply with the EU (German?) data privacy laws? I was told the other day that using Heroku was a No-No, because you are storing your customer data with a non-EU-compliant company outside the EU. With this, the data resides in the EU. Does this (magically) make my troubles go away?

Remarks: I am totally not a lawyer

5 comments

From the "Safe Harbor Compliance is Coming Soon" section:

    Heroku is not yet a registered participant in the Safe
    Harbor program. We’ve laid the groundwork for becoming
    Safe Harbor certified and expect to have it soon. The
    Europe region public beta is designed to let you build
    high-performance apps for European users. It does not
    currently address data residency or jurisdiction concerns. 
    You should assume that some portions of your app and its
    data will be in, or pass through, datacenters located in
    the US.

Oh sh*t. I didn't read the website (only the newsletter). Thanks for posting, though. Should be helpful for others as well!

(I work @heroku)

Europe region beta is not yet Safe Harbor cert. Working on it. Sign up for updates to stay informed heroku.com/europe

Heroku is not (yet) safe harbor compliant, but we have plans to be so.

How close are you to fulfilling those requirements? I am just asking, because there are quite a few German PaaS providers showing up now. So there seems to be a market. And it is a real problem when you try to do business with healthcare

Well, IANAL, but they say they are based in Ireland (in Amazon's EC2 servers), so Irish law (which is a subset of EU law) applies to their servers there.

I'm not sure what they keep meaning by "not safe harbour compliant", since the law applies all the time to all people in Ireland....

IANAL either, but note that Heroku is an American company and that probably has implications due to the PATRIOT act. Check out what a Microsoft exec had to say about this: "Microsoft cannot provide those guarantees. Neither can any other company" - http://www.zdnet.com/blog/igeneration/microsoft-admits-patri...

> Irish law (which is a subset of EU law)

Shouldn't that be "superset"?

ahem yes. :)

The press releases talk about them not being Safe Harbour yet but it is now much more in progress. Your data may still pass through the US at present.