Data storage for European clients

Hi there

the current data storage options (Firebase, Airtable, MediaDB) are all US based. From a legal perspective it is my understanding they currently work under the Standard Contractional Clause (SCC) to satisfy the GDRP requirements. However, the leading legal opinion is that the SCC will eventually be thrown over for the same reasons the Privacy Shield did. Obviously, this is no base for a solid strategy for European business’ using Thunkable.

What are Thunkable’s plans (and perhaps even time line) to provide a data storage option for European clients?

What are other European clients doing to solve this dilemma?

Are there plan’s to provide an interface from Thunkable to MySQL? MySQL databases can be run by a European company/data center. This could be one solution.

Thank you

Hi @tutzing

Actually, when you create the Firebase Project, it is stored in the region of your choice.
Please see: https://firebase.google.com/docs/projects/locations#default-cloud-location

Airtable is also very likely to comply with this, as it is part of EU Law.

You can use Web API to interact with a REST API that is linked to a MySQL (or MariaDB) database, which is based in your country (this is what I do for some clients with small data requirements).

The interesting thing is, I don’t know where Thunkable Projects themselves are stored, which should also be in the EU for relevant Thunkable Users.

Not that it matters, but I hope Thunkable don’t spend time on a link to MySQL because:

1. MySQL is not the best type of database for apps (in general).
2. We can already interact with MySQL via Web API, which is better than (the developers) getting involved in adding SQL queries to an app.
3. Adding an interface for that might slow down the app as a whole.
4. Firebase (when secure) is better for that anyway, as it is more efficient at doing searches than MySQL.
5. You can link your Firebase to analytics and setup live data tracking etc.

If you really want to use MySQL (as mentioned, I do, with no problems), my advice is to start with something like DreamFactory where you can create custom APIs, to interact with a database of your choice: https://www.dreamfactory.com/ (they have a version you can host yourself).

There’s also https://restdb.io/ which was specifically created for this purpose by a company in Norway.

"restdb is a NoSQL database cloud service. Data is accessed as JSON objects via HTTPS. This gives great flexibility, easy system integration and future compatibility.

restdb supports the most common data types like text, numbers, boolean and date. To save development time, restdb also has built-in support for media and documents."

Details at: https://restdb.io/features/

Thanks for your response @appspark.uk,

unfortunately the issue goes deeper. With US Cloud Act it doesn’t matter where the data in actually located. The way I understand it, any US company or even subsidiary of a US company is required by law to open their worldwide data to the US authorities.

From a technical perspective I completely agree with your assessment of Firebase and MySQL. Unfortunately, as it stands right now, the days where Europeans can legally use Firebase (or Airtable or any US service) are numbered. Unless of course, Google decides to make Firebase open source and an European hoster picks it up.

I curious how these companies prepare for the time after the Standard Contractual Clause.

Thanks for mentioning Restdb. It actually looks very promising from a legal and technical perspective. I will fiddle around with it.

There’s always the possibility of creating your own REST API using MEAN or some other stack, though this isn’t something I do myself.

Isn’t Google LLC in Switzerland or something? It’s therefore being protected by EU Law even if it has a parent company?

I think the other important point to make is: Will US Authorities really care about the data you’re storing? Probably not. They have to get a warrant to see it anyway and depending on cause, Google might not comply if the data is stored purely outside the US (which is the point of the default cloud location).

To be honest I think it is not a major problem, because the data IS technically stored in the EU, so that is compliant even if US Authorities gain access. Most big companies (including some Gov departments and the NHS) use Amazon, which is the same situation of storing data in the UK with a US parent company. That’s not to say that they’re incorrect, but they can’t give you sh*t for it if they do it…

The UK’s Home Office has tossed a contract worth up to £100m of taxpayer cash at Amazon Web Services to renew a public cloud hosting agreement with the American giant for four years.

The contract was published on Contracts Finder this week but the start date was actually on 12 December and it runs until 11 December 2023.

“The award of the Public Cloud Hosting Services contract to Amazon is a continuation of services already provided to the Home Office," a spokesperson at the department told The Register.

“The contract award provides significant savings for the department over a year-year term,” she added.

There is of course, no guarantee that the Home Office will spend £100m with AWS over the period, but it can spend up to that amount.

[source: https://www.theregister.com ]

So essentially; If it’s secure in transit and at rest, you shouldn’t really have a problem…

.