Below are some (FAQs) Frequently Asked Questions pertaining to Wasabi and Privacy Shield. Should you have additional questions, please contact us.
1. Is Wasabi Privacy Shield compliant?
2. What is the latest statement from the US government on the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework?
On September 8, 2020 the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection (FADP). As a result of that opinion, organizations wishing to rely on the Swiss-U.S. Privacy Shield to transfer personal data from Switzerland to the United States should seek guidance from the FDPIC or legal counsel. That opinion does not relieve participants in the Swiss-U.S. Privacy Shield of their obligations under the Swiss-U.S. Privacy Shield Framework.
In the August 10, 2020 joint statement issued by US and EU authorities regarding the EU-US Privacy Shield Framework, Privacy Shield participants were advised discussions to evaluate the potential for an enhanced EU-US Privacy Shield Framework to comply with the July 16, 2020 judgement of the Court of Justice of the European Union in the Schrems II case have been initiated between the US Department of Commerce and the European Commission. What is being referenced here is European Court of Justice in Case C-311/18 (Schrems II), where the judgment declared that the EU-US Privacy Shield Framework is no longer a valid mechanism to transfer personal data from the European Union to the United States.
The July 16, 2020 decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-US Privacy Shield Framework. Wasabi will continue to monitor the progress of any enhanced EU-US Privacy Shield Framework discussions and will take changes under advisement.
Additional FAQs concerning the EU-US and Swiss-US Privacy Shield are available on the US Privacy Shield Program website:
3. How does the current US government statement on the decision in the European Court apply to Wasabi?
There is no change in Wasabi's storage service availability for European customers.
For EU customers complying with GDPR, storing data in a Wasabi European data center is the recommended option. When you create a bucket, you are prompted to enter a region and may select a storage region based in the EU to have that bucket reside in the EU. Privacy Shield Framework does not apply in this case.
For EU customers who wish to store data in one of Wasabi’s data centers in the USA, Wasabi will execute Standard Contractual Clauses (“SCC") with customers who request them, in lieu of Privacy Shield certification. The European court did not strike down the use of the SCC, and those remain attached to the Wasabi DPA for countersignature by those customers who require them. Wasabi’s DPA consists of two parts: the main body of the DPA and the SCC; or more information please reference How can I review Wasabi's GDPR Data Processing Addendum (DPA)?
4. Can Wasabi copy my data to a Wasabi US data center even if I have chosen to store my data in a Wasabi European data center'?
No, Wasabi will not copy Customer data. Customer data is stored in the data center selected by the Customer.
5. Can Wasabi be asked by the US government to shutdown the Wasabi Europe data center? If yes, under which conditions?
No, the U.S. government cannot ask Wasabi to shut down its Europe DC. Like any US company, if the government thinks Wasabi is engaged in illegal activities it can seek to bring action against Wasabi, which may include seeking a remedy of a change in European operations.
6. Can Wasabi be asked by the US Government to delete an entire customer account? If yes, under which conditions?
No, the U.S. government cannot tell Wasabi to delete a customer account. The government may seek remedies if they think there is some illicit activity going on, but under ordinary circumstances does not and cannot exert that kind of control over U.S. businesses.
7. Who operates the Wasabi equipment in Amsterdam data center: Wasabi Technologies B.V. based in the Netherlands or Wasabi Technologies Inc. based in the USA?
Wasabi Technologies, Inc. based in the USA operates the Wasabi equipment in our EU data centers.
8. Who owns the data center where Wasabi equipment is located in Europe?
Wasabi equipment is located in top tier data centers certified for SOC-2, ISO 27001 and PCI-DSS. For example, Equinix Netherlands owns the data center where Wasabi’s equipment is located in Amsterdam.