Server location equals business location?
Generally you distinguish legally between a server location – the location where all the data is stored – and the headquarters – the location where the particular business is located. Both have an influence on which legal grounds of data protection apply.
Business and Server in the EU: National data protection
No compromise on data protection: Through the company headquarters and the server location in Germany, you can be sure that the strict German data protection laws always apply.
If the business as well as the server is located in EU or in Germany, the location of the business decides over the applicable law. This is regulated in the European data protection guidelines and will find entrance into the new EU data protection agreement.
Since PlagAware is established in Germany, the national German data protection law (German Data Protection Act) applies – as long as the server is located in Germany or in an EU country.
No rule without an exception: Subsidiaries in an EU country
There are a few exceptions to a simple rule though. For one the principle of the subsidiaries applies: If a business has a subsidiary in an EU country where the server is located, the data protection guidelines of the EU country automatically apply. Since the fewest users are familiar with the data protection guidelines of all EU countries and do not know each subsidiary of the provider, it presents a certain risk.
Forced data disclosure to authorities
A second exception hereof is possible surveillance activities and orders for disclosure of customer data to police or other public authorities. Here only the German law applies, when not only businesses but also servers are located in Germany. If they are located in a data bank in France, then it is subject to French access rights - regardless of the company’s headquarter.
For this purpose you should know that currently the surveillance law in French is often criticized by human rights activists, because it grants the authorities world-wide rights (Link). A complete surveillance of a data transfer for example is permissible without a legal order and initial suspicion.
Server location in the US or other third party countries
It acts similar when headquarters or server location are in a third party country like the USA. Here the data protection law of the applicable third party country applies exclusively such as the American law for example. When the American authority like the National Security Agency (NSA) demands the release of customer data, the service provider has to comply with the request in general.
To recap: Why are server location and company headquarters in Germany so important?
Only if the server location as well as the headquarters is in Germany, you can be sure that in fact the strict German Federal Data Protection Act (BDSG) applies. This regulates the transfer, usage and governmental access to your data.
With the headquarters or a server location in an EU country it depends on the details such as location of subsidiaries which national data protection law will apply.
When you engage a business in a third party country, like the USA, for online plagiarism checks, then the local data protection law applies. The same applies to the business that has its headquarters in Germany or in the EU, but has its server in the USA.
Server location and headquarters of PlagAware
With PlagAware you are always on the safe side since the headquarters in New-Ulm as well as the server location in Nuremburg are in Germany. If you have questions regarding this, please feel free to contact us!