A recent legal opinion reported by heise confirms a reality many European businesses overlook: U.S. authorities can access cloud data even when it is stored in Europe.
The key factor isn’t where the data sits, but who controls the provider. Companies subject to U.S. law can be compelled to hand over data under laws like the CLOUD Act, regardless of server location.
Why This Matters for GDPR
GDPR aims to strictly limit access by third-country authorities. U.S. access laws can bypass European safeguards, creating compliance risks for businesses using U.S.-linked cloud services — including those advertising “EU data residency.”
Why Perch Is Different
Perch runs as a private, dedicated instance per customer, hosted in the EU and operated by a European company.
That means:
- No shared multi-tenant environment
- No exposure to U.S. jurisdiction
- Full legal and operational control under EU law
Data sovereignty is about control, not just location.
The Takeaway
The heise report highlights a simple truth: European-hosted data is not automatically protected if the provider is subject to U.S. law.
For organizations that value privacy and compliance, a private, EU-controlled collaboration platform like Perch offers a safer foundation.
Link to heise report: https://www.heise.de/news/Gutachten-US-Behoerden-haben-weitreichenden-Zugriff-auf-europaeische-Cloud-Daten-11111043.html