SaaS Agreements – Data Protection – Advantages of Hosting in Switzerland

SaaS suppliers are increasingly using data centres located in Switzerland to host SaaS software and store customer data. In light of recent media revelations about “prism” and the already existing concerns over access to customer data under the Patriot Act and FISA this could be an increasing trend. The advantages of hosting SaaS data in Switzerland are summarised below.

Why Switzerland?

Switzerland is often viewed internationally as representing the following values – stability, neutrality, discretion and trustworthiness based on its banking history. For this reason Swiss law is often accepted by non-European customers in international agreements when there is a disagreement about which law or arbitration rules should apply to the contract.

Confidentiality

Currently many global SaaS suppliers use data centres located in the USA. However, when dealing with European customers, SaaS suppliers often encounter problems with customers raising concerns about the application of:

  • the Patriot Act, a US law which permits US authorities to access EU customer data stored in the USA or EU customer data stored outside of the US where there is a US parent company such as Microsoft; and
  • FISA which allows the US government to access and monitor the personal data of non-US citizens held by US public cloud providers such as Amazon or Google.

An additional benefit of using a Swiss data centre is that generally data stored in Switzerland is not traceable to a named person, but only to a number.

Safe Harbor not Adequate

SaaS customers and data protection authorities, particularly in Germany, are raising concerns about the adequacy of the safe harbor status of US companies. It is often claimed that safe harbour certification is little more than a paper exercise which in practice does not comply with European levels of data protection.

Compliance with EU Data Protection Laws

An added advantage of using Swiss data centres is that Switzerland is accepted by the EU as having equivalent protection to EU data protection laws. Therefore no additional consents are required from SaaS customers to enable data to be stored and processed in Switzerland.

Language

Although English is not one of the official languages of Switzerland, it is widely spoken and is the language of preference for business transactions. In addition French, German and Italian are official languages providing the added bonus of SaaS suppliers being able to request hosting services in any, or all, of the four languages. This makes Switzerland very attractive to global companies who are often wary of hosting outside of their territory due to language barriers.

Summary

Under the provisions of the US Patriot Act and FISA, the personal data of SaaS customers based in the EU must be shared with US law enforcers without the customer being informed, even though this conflicts with EU data protection law.

By using a data centre located in Switzerland a SaaS supplier can process and store customer data in compliance with EU data protection rules, provided that the hosting company located in Switzerland, is not owned by a US parent company.

For the above reasons some well known global companies such as Swift, Yahoo and Hewlett Packard have in recent years relocated their hosting services to Switzerland.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________

Other related articles: