We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Choose server location
I have a dropbox professional.
Is it possible to transfer my files to a server located in EU?
Not with Professional, no. That is something you can only do with a Business licence holding at least 10 seats: https://help.dropbox.com/accounts-billing/security/physical-location-data-storage
Mark
Super User II
Super User IINot with Professional, no. That is something you can only do with a Business licence holding at least 10 seats: https://help.dropbox.com/accounts-billing/security/physical-location-data-storage
Why?
GDPR applies to individuals and businesses, why can't individuals also have the protections that the EU citizens are entitled to?
GDPR does say that transfers of EU Citizens data outside of the EU and EEA is prohibited unless an adequate safeguard can be used. Each time the EU Commission agree a data sharing agreement with the US, i.e. EU-US Privacy Shield (Schrems I & II) , and when it is tested in the European Court of Justice conclude that the US data protection laws are essentially NOT equally good as the GDPR, specifically the US Foreign Intelligence Surveillance Act (FISA) Section 702, Executive Order 12333 and Presidential Policy Directive 28 and the Privacy Shield ombudsman does not have the power to adopt decisions that would be binding on US intelligence services.
How therefore can you say that data that is moved to the US from the EU is fully GDPR protected for individuals?
- Sam DBX
Community Manager
Hi An_Laoch,
Thanks for your question, happy to assist here.
We can confirm that Dropbox has SCCs (Standard Contractual Clauses) in place covering transfers of our users’ data. As you can check in our Privacy Policy, when transferring data from the European Union, the European Economic Area, the United Kingdom and Switzerland, Dropbox relies on a variety of legal mechanisms, such as contracts with our customers and affiliates, Standard Contractual Clauses, and the European Commission’s adequacy decisions about certain countries, as they apply.
Hope this clarifies!
Thank you
Actually, the European Court of Justice, in Schrems II, passed the case of SCCs back to the Irish DPC and in the Meta Ireland case the DPC found that Meta had infringed Article 46(1) GDPR by continuing to transfer personal data from the EU/EEA to the US following Schrems II. Meta Ireland effected those transfers on the basis of SCCs; however, the DPC found that these arrangements did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the CJEU in its judgment. While the specific decision was in relation to Meta, it has implications for companies such as Dropbox too as the analysis in this Decision exposes a situation whereby any Internet platform falling within the definition of an an Electronic Communications Service Provider (ECSP) subject to FISA 702 PRISM programme may equally fall foul of the requirements of Chapter V GDPR and the EU Charter of Fundamental Rights regarding their transfers of personal data to the US.
