Hosted in Germany: Why data sovereignty is now more important than ever

Transatlantic data relations have been marked by tensions for years. One key problem is the lack of an equivalent level of data protection in the USA: While the EU has strict rules for the protection of personal data, for example the General Data Protection Regulation (GDPR), there is no comparable law in the United States.

The Privacy Shield Agreement was introduced in 2016 to regulate the transatlantic exchange of data. However, the European Court of Justice (ECJ) overturned it in 2020 in the “Schrems II” ruling, as it did not offer sufficient protection against access by US authorities.

In 2023, the situation improved to some degree when Joe Biden brought the Data Privacy Framework into force with an executive order. One of its key innovations was the Data Protection Review Court (DPRC), which was intended to simplify complaints by European players. This measure temporarily calmed the waves and at least provided a legal respite. However, Donald Trump's new administration is now threatening to undermine the legal basis for transatlantic data exchange once again.

What are the problems?

Access by US authorities
The CLOUD Act (2018) allows US authorities to access data from companies based in the United States – regardless of the server location. This means that even European data hosted on servers in the EU is not fully protected from access by US authorities.

Data as a digital resource
Data is a valuable economic asset. The European GDPR ensures that personal data in the EU is subject to a high standard of protection. However, in times of cybercrime and digital espionage, it is also important to protect business secrets and other important information in the best possible way.

Lack of transparency and control
Many cloud storage providers such as Dropbox or Microsoft OneDrive, and in particular US “hyperscalers” such as Amazon and Google, have highly complex, internationally organized structures. In contrast to data room providers such as netfiles, it often remains unclear who has access to stored data and whether data protection standards are being adhered to. Control and data sovereignty therefore remain problematic, especially when companies are under US influence.

America First: What we expect in the coming years

Digital technologies and artificial intelligence (AI) are not only drivers of economic innovation, but also key elements of geopolitical competition. Under Donald Trump's second term in office, this competition could intensify further – with serious consequences for international data flows, digital infrastructure and corporate IT strategies.

Particularly alarming: the development of AI systems, which are currently attracting a lot of attention, depends largely on access to large amounts of data. These are most conveniently stored in the data centers of large cloud providers. Many companies use cloud services and digital platforms to make their business processes more efficient and scalable. In the past, the promised efficiency gains took precedence over security concerns.

However, this is changing: The focus is now not only on data protection aspects, but on general security and compliance risks. Control over business-critical information, intellectual property and strategic data is becoming a key challenge for companies and virtual data rooms are gaining in popularity in the process.

Data sovereignty: It's time to act!

Companies increasingly prefer to host their data in Germany (or at least within the EU) to minimize legal uncertainties. Even if US providers, such as Microsoft or Amazon, operate servers and even local subsidiaries in the EU, they are still subject to US law. Thus, the CLOUD Act remains a central weak point for European control over data. This also applies in the event of a takeover of European businesses by US companies.

For this reason, an increasing number of companies are focusing on “data sovereignty”. This means retaining full control over their data and ensuring secure, legally compliant data management. Secure storage and infrastructure play a key role here:

• Certified data centers in regions with strict data protection and compliance requirements

• Modern encryption technologies to protect both data in transit and data at rest

• Access control systems to protect against unauthorized access to sensitive company information

• Availability and resilience through a comprehensive backup strategy as well as local and supply redundancies

In view of increasing cyber threats and regulatory requirements, a sovereign data strategy is crucial for the long-term success and competitiveness of companies. A secure cloud strategy for data that combines flexibility and protection forms the basis for a future-proof data infrastructure.

netfiles: Setting standards for secure data rooms for over 20 years – 100% made and hosted in Germany

netfiles has been offering efficient and highly secure data exchange for over 20 years. Our ISO-certified data rooms offer companies and organizations worldwide a GDPR-compliant solution for storing, transferring and sharing sensitive information. Thanks to company headquarters, development and hosting exclusively in Germany, netfiles supports companies in operating a data-sovereign IT infrastructure. Maintain full control over your data – for maximum security and compliance.

• 100% hosted in Germany – no transfer to foreign authorities, no access through the US CLOUD Act

• Highest transparency and data protection standards – without hidden backdoors

• Proven and reliable: Over 500,000 users worldwide rely on netfiles for their business-critical data

Learn more

We will be happy to advise you on how best to use the netfiles data room in your business and which functions netfiles offers in detail. Contact us – we look forward to hearing from you!