Digital Ocean VPS server should it be in the usa or ouside of it

I am planning to set a Nextcloud server in Digital Ocean (USA company) to host my stuff. (no more GAFAM storing my things) If the server is physically in the Netherlands, but still owned by a usa corporation, does that give me better privacy as opposed to the same server deployed in San Francisco CA ?

What jurisdiction applies?

It isnt really your computer if you are using a VPS. You are renting it.

The server operators are still liable to enforce various laws on the side of Netherlands, where the server is and on the side of the owner of the company, which in this case is the USA. They will have to respond to lawful request on both sides to continue operation.

1 Like

i think it does not matter, because the HQ itself under USA laws, (same as google i’m sure they have got servers everywhere or cloudflare and their CDN stuff but still their company itself in the USA) so i think it does not matter (might be wrong so correct me :stuck_out_tongue: )

1 Like

Wait, really? :joy:
Okay what if USA requested the data of Netherlands servers? the company got the rights to give it or Netherlands will stop them? I mean if they can still pull the data out then i dont think it worth it

Requests from Government Agencies/Law Enforcement
Except in emergencies (see more below), DigitalOcean turns over protected user information only upon receipt of a valid subpoena, ECPA US court order, or search warrant. Additionally, we will notify affected users about any requests for their account information, unless prohibited from doing so by law or court order (see more below).
Upon receipt of a valid subpoena, if these pieces of information are available, we can provide user registration information such as the first and last names, phone number, email address, the date/time stamped IP address from which a site was created, the physical address, and the PayPal / Stripe transaction information.
Upon receipt of a valid ECPA court order, if these pieces of information are available, we can provide access logs which might reveal a user’s movements over a period of time, account or private repository settings (for example, which users use certain services, etc.), security access logs other than account creation or for a specific time and date.
Upon receipt of a valid search warrant, if these pieces of information are available, we can disclose content of customer virtual machines, the content of user communications with customer support, or other forms of content data.
For legal requests from government agencies/law enforcement outside of the United States, we require that the request be served via (1) a United States court, (2) an enforcement agency under the procedures of an applicable mutual legal assistance treaty (MLAT), or (3) an order from a foreign government that is subject to an executive agreement that the Attorney General of the United States has determined and certified to Congress satisfies the requirements of 18 U.S.C. 2523.

2 Likes

I think we are looking at a different scenario, we are looking at the US trying to get it’s hands on information on a server held in a foreign country. But run by a US company…

Unless Digital Ocean has servers inside the US embassy, the actual data centers that hosts the Netherlands Digital Ocean server has to obey local warrants. If the Netherlands police comes knocking with a valid warrant to take away the server with your instance on it, the datacenter has to comply. Also, a gun pointed at a datacenter employee is as good as any lawful warrant.

And if the DO datacenter is inside the US embassy, what does that tell you about the datacenter?

This is BTW, applicable to all foreign datacenters, not just Netherlands.

In the end, VPS are not your computer. Only in an on-premise server will you have verifiable control. Even then, you will have to protect it yourself from thieves, pen testers, and any unauthorized access. Even you will have submit to a lawful warrant or face consequence.

1 Like

Come to think of it, Netherlands is in EU and the EU has GDPR laws.
California also has CCPA. But Digital Ocean HQ is over on New York.

You should probably check which of the places enforce their privacy protections more. If you desire a lower latency service, maybe a server nearer you may be feasible.