Privacy Shield invalid
The European Court of Justice has declared the Privacy Shield invalid. This means that European data may no longer be stored with American clouds on the basis of this privacy shield, with immediate effect. Are you still allowed to use American suppliers for your streaming services? And what about European suppliers who rely on American suppliers? Is it safe if American parties start using servers in the EU?
Personal data is protected
Transferring personal data is only allowed if the guaranteed level of security for personal data is not undermined in third countries. Personal data includes, for example, viewer logs from players and access logs on servers because they contain, for example, IP addresses of viewers.
CLOUD Act is very far-reaching
Under US law, USA intelligence and security services have the right to access all data, regardless if this data is on servers in the USA, or on any other server, anywhere in the world. This law conflicts with EU laws for personal data protection, and the privacy shield does not sufficiently guarantee this, according to the European Court of Justice.
Is your supplier American?
The problem arose is not only limited to major video platforms such as YouTube, Facebook and Vimeo. Virtually all vendors in our industry relied on the privacy shield to store data on servers in the USA or at US companies, including Akamai, Amazon AWS, Microsoft Azure and JW Player for instance. Here you find all parties that used the privacy shield and now have a major problem: https://www.privacyshield.gov/list
Does your supplier use USA CDNs, clouds or data centers?
The problem is not limited to American parties alone: almost all European vendors rely on these American cloud and CDN suppliers and that is where data is stored. It is no longer allowed.
Data outside the EU is illegal
According to the European Court of Justice, the privacy shield – which was basically the same as the rejected Safe Harbour – was not able to guarantee the important safeguards and has therefore been declared invalid. This means that almost all streaming providers illegally store data about customers and viewers outside the EU zone: they violate the European law.
Servers in the EU is not enough if there is an American link
Several American companies are now setting up servers in the EU. They then store European personal data in the EU. They claim that the personal data is safe because of this. However, this is debatable: the US CLOUD Act demands access to servers anywhere in the world from US companies or companies with US parent companies. The problem therefore persists, despite personal data being in the EU. There cannot be any link with an American company.
Standard Contractual Clauses cannot be used
The European Court was explicit that companies cannot use Standard Contractual Clauses when the recipient in the US falls under mass surveillance laws. US companies are trying to convince their EU customers of the opposite. Under the SCCs the American data importer would have to inform the EU data sender of these laws and warn them. If this is not done, then companies are liable for any damage caused. You will therefore want to store your data in the EU, with EU companies. Your entire chain of suppliers must be investigated whether data does not end up outside the EU after all.
Better safe than sorry
American policy is at odds with European policy that does not allow US interference on European territory. Do you want to run the risk of data about you and your viewers falling into foreign hands? Realize that intelligence services are abused for industrial espionage and that data can be exchanged and traded.
Streaming media is not only used to watch fun videos: we work for clients who provide video applications, who use video in their core business processes, who apply medical videos, who process secret business information in videos. Do you really want to run the risk of this content and data falling into foreign hands?Better safe than sorry.
Jet-Stream and privacy
Fortunately, there is a serious alternative, and that is no coincidence. Jet-Stream is an active advocate of privacy. We are internet pioneers. We produced the very first live stream of a concert ever, over 25 years ago. What was once a safe community of enthusiastic, progressive and innovative people, the web has now become a tough world of mass tracking and mass profiling with data trade, industrial espionage, mass manipulation and lots of negativity. Privacy is therefore more important than ever, and that is what we stand for.
Your data is not our business.
Jet-Stream is a telecom facility services provider in streaming. We do not exploit content and we do not exploit data. Our business model is the rental of capacity on our platform. We have an active anti-tracking policy. We do not store unnecessary data. We do not share data with anyone, except with our direct customers, and viewer data in analytics is actively anonymised.
Jet-Stream is a Dutch company with no ties to non-EU companies. As a result, we are 100% subject to Dutch and European privacy legislation, and the USA has no control over us, our services, our infrastructure and the data we store.
All Jet-Stream servers are located in Europe, with European suppliers. No data is stored or processed outside the EU. This means that the USA cannot request, view and process or share data, unlike with American parties or parties with servers in the USA.
Jet-Stream and customer data
Jet-Stream only stores the necessary data to be able to connect, support and invoice customers. This data is only stored on our own servers in the EU and is not shared with anyone.
Jet-Stream and viewer data
The data we store about viewers is in our load balancing and access logs on our own servers in the EU. By using these logs (instead of player trackers) Jet-Stream can provide its customers with 100% accurate analytics. In the process, the IP address of each user is set to xxx.xxx.xxx.000, so that the individual viewer can no longer be traced by our customers. The raw logs on the servers are deleted and are archived centrally and securely in order to trace any abuse.
The Privacy Player
Last year we introduced the Privacy Player: we were shocked after researching how many trackers there are in regular video players. These players are also all hosted on clouds of American vendors. As a result, an incredible amount of data leaks outside the EU, without the viewers knowing, without the customers knowing. The Jet-Stream Privacy Player is hosted in the EU. The player offers all the key features of the common video players, but it does not do any tracking. Viewing behavior is not traced. The player is bundled for free, including an unlimited number of views, so that better privacy also yields a cost advantage.
Jet-Stream can, in addition to its own servers in the EU, also serve streams worldwide via third parties such as clouds and CDNs. These can be American companies, with servers outside the EU. In that case viewer logs are stored with these parties. However, we also work with European suppliers. We asked our European MultiCDN suppliers not to store logs on servers outside the EU, but to write them centrally in the EU. So that we can serve traffic worldwide, and still fully comply with the EU privacy guidelines, with MultiCDN. We can set which CDNs are used per customer. Contact us for advice on which CDN / cloud – or mix – is best for you.
The GDPR is the European privacy law. Do you want to know more about our GDPR policy? You can read more about it here: https://static.jet-stream.com/wp-content/uploads/2018/05/Jet-Stream_Privacy_Processor_Agreement.pdf
Are you going to help us make the web a safer place? Privacy first! Let’s talk and act.