Did you know that it is now illegal for people in the UK to host their websites in the USA if they collect any user information on their site? This includes enquiry forms on CMS websites, registration forms, subscription forms, delivery details for eCommerce websites, etc.
Where is Your Website Hosted?
You may be tempted to host your new website in the USA because it’s either cheaper or you think it’s best because mega tech companies are located there, or your website developer hasn’t told you where they are hosting your website (might be worth you asking now, because it can affect your data). So if someone wants to build a DIY website or any kind of template website quickly, and perhaps add eCommerce to that, many would turn to American businesses like GoDaddy (DNS), Shopify (eCommerce), Stripe (shopping cart), or Weebly (website builder and hosting). But if they do that and they add a contact form or shopping cart, both of which obviously collect user data, then they are violating the Safe Harbor Ruling. So it’s best to go with EU alternatives and even better, don’t use template DIY CMS or eCommerce website software that’s hosted outside the U.K.
If you are adamant to host your website in the USA, then you must add a message to your website clearly telling all users that any inforamtion they type in to your website is accessible by the USA.
Safe Harbour Ruling
The Safe Harbour Ruling is a decision handed down by the European Court of Justice (ECJ) in 2015. It states that data on Europeans must be kept inside the borders of Europe. The courts says the reason for this is the American police and other ‘organisations’ have free reign to read data stored on any person inside the USA because of the American anti-espionage laws and American violation of those very same laws too. Therefore if your website is hosted in the USA, any data taken by your website is available to be viewed by Americans because it’s in their jurisdiction.
The ruling has left American tech companies wondering how they can comply with that. Consider for example how difficult that would be for example Facebook: they would have to configure their database to send certain data records to a data server in the EU for EU residents and then send the rest to servers wherever they have their data centers. But if data records are kept apart then how can a European ‘friend’ an American on Facebook? The answer is Facebook would have to store individual data fields, those deemed to be private, in different countries while they store the person’s name, which they hope is quasi-public, anywhere. Needless to say that would be quite a headache and at the very least…. messy.
The American legal system, says the ECJ, gives Americans free reign to read data stored at Google and elsewhere in the USA. Or if not, they can do that by issuing a subpoena to the tech company.
UK Website Hosting
The way to stop this weird rule affecting your business is simple - pick a web hosting and cloud provider in the UK or EU. They should have redundant data centers in anywhere but the USA. Technically that should stop the Americans from vacuuming up that data.
So put keep your data on EU citizens in the EU and British citizens in the UK. It’s the law, plus it should help protect people’s privacy.
For more information on getting a British website hosted in the U.K and info on how we can help you, contact our team of website designers in Wiltshire
Written by Kirsty Paget