Anticipating the approval of stricter data protection rules in the European Union, cloud storage startup Zettabox bets it will be able to compete against bigger rivals by guaranteeing customers that their data will be housed in Europe.
Zettabox, whose service came out of beta on Wednesday, is entering a market dominated by U.S. cloud providers. To differentiate itself, Zettabox is setting up storage space in data centers across the continent so companies and governments can store data in their home countries if they want to.
Zettabox has offices in London and Prague and was founded by James Kinsella and Robert McNeal, U.S. executives who have been working on the service for over two years.
They based the company in Europe to provide what they describe as a high data protection standard and to give Europeans more control over their data, said Kinsella, a former Microsoft executive who has run businesses in Europe for the last 15 years.
However, as a small, new company that lacks the resources of its larger competitors, Zettabox will likely face skepticism from customers, especially large enterprises, which may worry about its financial stability and its ability to provide the latest and greatest technology. Founded in December, Zettabox has 25 employees and was privately funded by Kinsella and McNeal for an undisclosed amount below €10 million.
Moreover, Zettabox doesn't own any data centers. It stores its customers' data in leased data centers in eight European cities at the moment: Amsterdam, Berlin, Frankfurt, Milan, Geneva, Paris, London and Madrid. It plans to add more cities later.
Zettabox says that the data centers from which it leases space are all owned by European companies. In some cases, Zettabox owns the servers located in these data centers, and in other cases it also leases space in third-party servers.
Still, the company is confident it will be able to succeed by storing all data in Europe, and thus keeping it outside of the geographical and legal territory of non-EU governments, in particular the U.S.
The EU is currently working on a new data protection regulation intended to better protect citizens' privacy. Under the plans, companies could be fined up to €100 million (US$113 million) or 5 percent of their global annual revenue in case the rules are breached. A breach would include transferring personal data out of the EU without explicit permission.
So far, Zettabox customers haven't asked that their data be housed in a specific country or city, as long as it is stored in Europe, he said. That might change in the future, according to Kinsella, who anticipates that the upcoming EU data protection regulation will give countries the flexibility to demand that personal data stay within the country.
The European Commission in May unveiled its strategy for a single digital market, as it aims to get the new data protection rules adopted by the end of the year. At the same time, it also proposed a "European free flow of data initiative" to promote the free movement of data in Europe.
To mitigate European privacy concerns though, many U.S. cloud companies are opening locations in various EU countries. Amazon Web Services for instance opened a second European location in Frankfurt last year to address privacy concerns. Other companies like Salesforce, VMware and Oracle are also opening data centers in Germany.
Privacy is not the only reason to do that though. Opening local branches allows providers to be closer to their customers, which helps reduce latency and improve reliability.
But as an ongoing case involving Microsoft shows, storing EU customer data in Europe doesn't always innoculate U.S. vendors from the long arm of the U.S. government.
In that case, Microsoft is refusing to comply with a search warrant issued by the U.S. Department of Justice to turn over a suspect's emails stored on a server in Ireland. Microsoft argues that U.S. laws do not apply in Ireland.
Its argument was backed in December by companies including Apple, Amazon.com, AT&T, eBay and Verizon Communications, all of which warned the case could impact the willingness of customers outside the U.S. to do business with American tech companies.
That trust was already severely damaged when documents leaked by former U.S. security contractor Edward Snowden revealed the extent of U.S. spying programs. After that, the European Commission demanded the renegotiation of the Safe Harbor agreement that regulates the commercial transfer of personal data of EU citizens to the U.S.
A new deal with better protections for EU citizens' data seems close, but some issues still need to be ironed out, including a clarification about the scenarios in which the U.S. government would demand access to data from EU citizens.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to [email protected]