I have a dropbox professional.
Is it possible to transfer my files to a server located in EU?
Not with Professional, no. That is something you can only do with a Business licence holding at least 10 seats: https://help.dropbox.com/accounts-billing/security/physical-location-data-storage
Thank you, Mark, for the information ...
As a Canadian non-profit society, I'm required to store our data in Canada, including no transmission of data through any other country. At present, sync.com does that, but it would sure be nice if Dropbox caught up -- I've only a 1 user account, as that's all I need -- going pro with 10 users is simply too expensive to even consider.
Hello @Dropbox or SuperUser(s),
So to be able to have data stored (or moved) on/to European servers, you need:
- business-licence (standard, etc)
- at least 10 users
Is that correct?
Another question: although, if as a company you do not meet these requirements on licencing, the GDPR is still applicable if the data is stored on US-servers, correct?
Best regards,
Yannic
Hey @Yannic_Belgium_Europe, welcome to our Community!
Currently the ability to store files on our European infrastructure is available only to European Dropbox team, Enterprise, and Education customers with 10+ licences, who purchased a yearly subscription using a manual invoice billing method.
In regards to your question about GDPR, that applies to each and every Dropbox account. Feel free to have a look here too.
I hope this helps!
Hello Megan,
Thank you for your info & feedback.
Practical question: will the European-data-residency also become available for smaller (European) customers? (so as from 1-10 seats)
Is there maybe also a roadmap from Dropbox on this where we can follow the coming new features/options?
Thanks for the update!
No, a European server would not be acceptable. Data belonging to non-profit societies (and some other companies) must be stored in Canada and must not travel through any server located outside of Canada. GDPR doesn't enter into this requirement.
Dear Drdca,
Maybe let each customer (like European customers) decide (or chose) where they would like to have their data-residency (like most providers also give that option to data-customers)? (it's not up to you to decide on that for each type of customer i presume?)
Hi @Yannic_Belgium_Europe, at the moment we don't have a specific time frame on this.
However, your feedback has been very valuable and I will endeavor to make sure your voice is heard.
I will pass on your comments to the relevant departments so that we can continue to improve.
If you need anything else, let me know!
Hello Megan (or colleague),
Is there any update on this?
Important extra question: following European GDPR & Data-privacy regulations, is Dropbox (or the mother-entity) aware of the fact that a company/service-provider cannot (en)force a customer to buy certain number of licenses (or certain commercial package) in order to have the "choice" where the data will be stored on the provider's server(s)? (in our case, and as for all European customers, on European server/s)
This means that for smaller customers (so less then 10 users) you do not give the option (contradicting European law/regulations) to have data stored on European servers from Dropbox, correct?
Yannic De Baets
Hey @Yannic_Belgium_Europe, we appreciate your feedback on this matter.
Rest assured that your comments are passed along to our team about this.
If you have any other questions, please let us know.
Hello Hannah,
And will we also receive a answer or update on this so we can make the right choices regarding cloud-storage?
Thank you,
Hi everyone, thank you for your input on this.
As you know, Dropbox servers are located in the EU and US, our EU based file storage is provided on Amazon Web Services (AWS) infrastructure. While the GDPR does not require personal data to be hosted within the EU, the personal data that is entrusted to us is protected equally under GDPR whether it is hosted in Europe or the US.
Dropbox has a long-standing commitment to maintaining high standards of privacy and security for our customers’ data. This is the cornerstone of what we do.
You can download our Privacy Whitepaper and Security Whitepaper to find out more about how we protect your data.
Thanks!
Hi Jay,
So this still means that customers who want to (and/or legally have to due to regulations from their customers) host their data in EU do still require to buy a certain level of licenses or package to have this option, correct? Dropbox is not changing their offering to give smaller companies the option to have the data hosted in EU, correct?
Regards,
Y. De Baets
@Yannic_Belgium_Europe wrote: Hi Jay, So this still means that customers who want to (and/or legally have to due to regulations from their customers) host their data in EU do still require to buy a certain level of licenses or package to have this option, correct? Dropbox is not changing their offering to give smaller companies the option to have the data hosted in EU, correct? Regards, Y. De Baets
Yes this is currently the way it works similar to lots of other companies I'm afraid.
Why?
GDPR applies to individuals and businesses, why can't individuals also have the protections that the EU citizens are entitled to?
GDPR does say that transfers of EU Citizens data outside of the EU and EEA is prohibited unless an adequate safeguard can be used. Each time the EU Commission agree a data sharing agreement with the US, i.e. EU-US Privacy Shield (Schrems I & II) , and when it is tested in the European Court of Justice conclude that the US data protection laws are essentially NOT equally good as the GDPR, specifically the US Foreign Intelligence Surveillance Act (FISA) Section 702, Executive Order 12333 and Presidential Policy Directive 28 and the Privacy Shield ombudsman does not have the power to adopt decisions that would be binding on US intelligence services.
How therefore can you say that data that is moved to the US from the EU is fully GDPR protected for individuals?
Hi @An_Laoch,
Thanks for your question, happy to assist here.
We can confirm that Dropbox has SCCs (Standard Contractual Clauses) in place covering transfers of our users’ data. As you can check in our Privacy Policy, when transferring data from the European Union, the European Economic Area, the United Kingdom and Switzerland, Dropbox relies on a variety of legal mechanisms, such as contracts with our customers and affiliates, Standard Contractual Clauses, and the European Commission’s adequacy decisions about certain countries, as they apply.
Hope this clarifies!
Thank you
Actually, the European Court of Justice, in Schrems II, passed the case of SCCs back to the Irish DPC and in the Meta Ireland case the DPC found that Meta had infringed Article 46(1) GDPR by continuing to transfer personal data from the EU/EEA to the US following Schrems II. Meta Ireland effected those transfers on the basis of SCCs; however, the DPC found that these arrangements did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the CJEU in its judgment. While the specific decision was in relation to Meta, it has implications for companies such as Dropbox too as the analysis in this Decision exposes a situation whereby any Internet platform falling within the definition of an an Electronic Communications Service Provider (ECSP) subject to FISA 702 PRISM programme may equally fall foul of the requirements of Chapter V GDPR and the EU Charter of Fundamental Rights regarding their transfers of personal data to the US.
I wonder how much of their users are businesses with more than 10 seats, as I understand its common for established business to target bigger, high value accounts with age, but isn't Dropbox's whole value proposition to make it easy for individuals, contractors, freelancers, outsourced teams to all collaborate? With non-US users already agreed to T&Cs for storage in the US it seems an unhelpful way to handle their (if not yet regulatory) moral obligation for EU data sovereignty.
Strategically it has a sense of anti-unionist capitalism, whereas tactically, it reads like juvenile irresponsibility. Tell me Mark (individual community member), what benefit does this offer afford yourself? If none, I propose your answer is void, as the solution is fundamentally unacceptable.
Given your assurance of the team having received the feedback, could you be so good as to relay what their response to the matter is?
After a year of pondering, one if not many of the; department heads, product owners, project managers, SREs, agile practitioners, business analysts and engineers / cloud infrastructure capacity planning, data science driven policy astronauts must have an answer that's worthy of sharing to set public expectation, as fellow punters of the morrow, we must to respect everyone need to plan. If the policy is set (i.e. not going to change due to this thread) for the foreseeable future, reiterate that point clearly for those you appreciate.Thank you.
Hi @digitalfu,
Welcome to the Dropbox Community and thanks for commenting. We currently do not have any updates regarding the feedback submitted from this thread. All of the latest information available on accounts that are eligible for data migration can be found in this Help Center article. If and when we do have an update, we'll let everyone here know, so be sure to check in and keep an eye on this thread.
Thanks again, and have a great evening!
Graham
