In October the European Court of Justice invalidated the Safe Harbor agreement, which allowed for legal data transfers between Europe and the United States. Nearly 4,400 companies have relied on this agreement for day-to-day operations for the last 15 years. Following the revelations by Edward Snowden, however, the EU decided it could no longer sit idly by as the NSA violated European data privacy laws with impunity under the auspices of the USA PATRIOT Act. The loss of Safe Harbor has left US companies that hold European citizens' data in quite the conundrum, with little clarity on alternatives.

While some countries such as Russia have long required that citizens’ data be stored and analyzed within their countries’ borders, this is a first for our close allies in the European Union. With the January 31st compliance deadline quickly approaching, global organizations are taking a variety of steps for dealing with this new climate.

The first option is Model Clauses, a solution that is only slightly better than the Safe Harbor agreement and as a result sits in a legal grey area and has little chance of serving as a long-term fix. The second option is to pray for the passage of Safe Harbor 2.0, a piece of legislation that is in the early planning stages and also has a slim chance of moving forward before the January deadline. The third option is to deploy a local data storage solution via the use of private and on-premise cloud technology.

Private and on-premise cloud infrastructure is different from pure cloud deployments in that the data storage and processing centers are owned and often operated entirely by the company rather than a provider like Amazon, Microsoft or Google. Though this may seem like a subtle difference, the geographic location of data is at the heart of the Safe Harbor saga. With the European Union nullifying Safe Harbor, EU member countries can no longer transfer and store data within the US without violating EU privacy laws. Instead, data must be stored in datacenters located in Europe, and in some cases, such as Germany, within the specific country itself.

With private or on-premise cloud technology, the geographic location of data, or data sovereignty, is part of the package. By housing a cloud datacenter on-premise or locally at an off-site facility, European enterprises can assure compliance with even the strictest of national or EU regulations. Unlike traditional pure cloud datacenters, content and data are stored on the private infrastructure but still remain accessible to remote employees.

This private, on-premise cloud data storage option provides benefits beyond compliance with EU mandates regarding data sovereignty. With private cloud technologies, encryption keys are retained by the business owner. As a result, requests for access to data from government agencies and law enforcement must be routed through the company directly, instead of secretly through a third-party data center operator.

Regardless of what happens following the January 31st deadline, the global conversation has clearly evolved from “how is my data being stored?” to “where is my data being stored?” While data breaches and government snooping will always be issues companies have to deal with, fortunately, there is a technological solution already available and ready for deployment today that significantly mitigates these risks.

What do you think? Will data location significantly impact the future of cloud innovation and legislative compliance? Sound off in the comment section below to share your take on the situation.