EU Data Protection

Open tobiasschmidt89 opened this issue 3 years ago • 8 comments

I would like to host a website on Deno Deploy in Germany. I did not find an official statement or guide if Deno Deploy is in check with GDPR, Schrems 2, TMG, DPA, etc. It would be great if you could provide information, features and/or processes on this topic so that it is "safe" for users in the EU to host websites and apps on Deno Deploy.

E.g. I found this post by software provider Segment.com that has some information on how they try to solve GDPR, Schrems 2 (e.g. they seem to have a sub company and infrastructure in EU/non-EU to split processing). So something like this would be super helpful for me to feel confident in using Deno Deploy in Germany.

Thanks

tobiasschmidt89, Aug 22 '22 18:08

Thanks, we will fix!

ije, Aug 23 '22 03:08

It would be very helpful to be able to select which region to deploy to instead of "earth". Before that, it is impossible for many companies to use the service.

felix-schindler, Aug 26 '22 07:08

It would be better if we could just

  • [ ] https://github.com/denoland/deploy_feedback/issues/127 This would enable more scenarios than just conforming to the rules of 1 region which should not be held above others in terms of developer resources dedicated to satisfying its whimsical needs.

CetinSert, Aug 28 '22 00:08

> It would be better if we could just
>
>   • [ ] https://github.com/denoland/deploy_feedback/issues/127 This would enable more scenarios than just conforming to the rules of 1 region which should not be held above others in terms of developer resources dedicated to satisfying its whimsical needs.

Makes sense to have this option, but I am not sure if it is sufficient to be in check with GDPR.

E.g. it might be necessary to have a Deno Deploy sub company in the EU to be in check with Schrems 2. As far as I understand the US CLOUD Act, it also affects data processed/collected in other countries by US companies. Therefore, keeping EU citizens' data isolated would require a physical and "legal" isolation.

Additionally, I think it would be necessary to have a way to create a DPA with Deno Deploy and a post explaining the data processing (What Data, Where it is processed, How it is processed, Who has access, ...) so that it is easy to explain in a Privacy Policy and to have a reference in case of an issue.

PS: Again, I am no expert on this topic, so everything I explain here might be wrong or insufficient to be in check with GDPR, etc.

tobiasschmidt89, Aug 28 '22 05:08

Also very interesting for our organization! Any updates on this?

eqoram, Jul 10 '23 13:07