If Your Data Lives In Moscow, Are You At Risk In The U.S.?
|Google's new data center - Finland|
|2008 Wayfaring map of Google data centers|
Google provides partial information on the user data requests that it receives from governments here and information about its Transparency program can be found here. It's interesting that neither Russia nor China are on the user data list, but Hong Kong is (with 90 requests in the 2H 2010). That's probably due to the very low use of Google services by Russian and Chinese mainland citizens.
Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information outside your own country.In a different twist on the same problem, Gordon Frazer of Microsoft U.K. was recently asked a very pointed question:
Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances — even under a request by the Patriot Act?Frazer's answer was "Microsoft cannot provide those guarantees. Neither can any other country." Most folks won't be affected by this layer of extended vulnerability, but for those individuals who are of interest to foreign states, including the U.S. government if you're from another country, it should serve as a warning to avoid cloud-based services as much as possible. Speaking personally, I've cut way back on my use of Gmail and I'm having second thoughts about my use of Google +. The same would apply to Microsoft, Amazon or any other cloud provider that refuses to guarantee that my personal data will stay in the same country that I live in.
UPDATE (9 AUG 11): Google acknowledges the same legal requirements that Microsoft did regarding its E.U. customers and its requirements under the U.S. Patriotic Act in this German article (Google Translate).