Move Data Handling to EU for European Kagi Users

Peter

Havok
This only makes sense if Kagi would move its headquarters to the EU.
To quote Frank Karlitschek, CEO of Nextcloud:

"The Cloud Act grants US authorities access to cloud data hosted by US companies. It does not matter if that data is located in the US, Europe, or anywhere else."

Havok

Peter It doesn't give me immediate access, and the requests can be legally challenged based on customer rights and laws in other countries. But yeah, the best would be for Kagi to just move out of the US all together and open up shop in Canada, Switzerland or something (even though that doesn't remove the Cloud Act, just makes it harder).

Mackou

Realistically Kagi headquarters and servers could move to Canada

RoxyRoxyRoxy

Mackou …why? I don’t follow Canadian data privacy law but I don’t think they have anything like the GDPR, which is pretty much what this whole thread is about. Also to be entirely frank I'd prefer not to have my data in Canada.

Peter

The EU decided that Canada has an adequate level of data protection and that it continues to do so:

The Commission concludes that Canada continues to provide an adequate level of protection for personal data transferred from the EU to recipients subject to PIPEDA.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52024DC0007

OTOH, the EU also decided that commercial US organizations participating in the EU-US Data Privacy Framework have an adequate level of data protection--but the European Court of Justice has already held twice (Schrems I and Schrems II) that US law is not "essentially equivalent", so it's probably just a matter of time that the current framework becomes illegal: https://noyb.eu/en/us-cloud-soon-illegal-trump-punches-first-hole-eu-us-data-deal

RoxyRoxyRoxy

Peter Ah interesting, thank you. As a thought for Kagi and EU users to chew on, would third party audits much like Proton does be acceptable and feasible? This could show, along with a canary-type system, that Kagi users’ data is still safe and secure in the US.

Peter

Peter Also keep in mind that this primarily concerns businesses. As a normal user, you're always free to use US providers.

Peter

RoxyRoxyRoxy I'm not sure what the best approach would be. Maybe creating a second, independent business structure in a country like Switzerland or even Canada for things like Kagi Mail which will probably be a data-intensive product? But I'm not a lawyer, I only play one on the internet (I'm just a cat IRL).

kimdre

A separation between the USA and the EU would be great. The data protection laws in the USA are a joke and a nuisance for every European user.

HandleHue

I hope that with this: https://www.theguardian.com/world/2025/mar/25/stunning-signal-leak-reveals-depths-of-trump-administrations-loathing-of-europe

is a little clearer as to why some Europeans have a bit of a hard time trusting a U.S.-based company with their research. 🙂

The lack of trust is not, of course, with Kagi but with US.

silvenga

HandleHue note that the Guardian has had documented issues (noted above) with journalistic integrity around this topic.

Story choice was not just leaning left, but actively demonizes American conservatives/Republicans

consistent sensational language

Lots of sensationalism in stories about Trump, e.g. a piece that noted a "flurry of lawsuits" and actively tried to negatively polarize the reader against Washington Post when bringing up its nonendorsement of a 2024 presidential candidate.

The Guaridan is actively opposed to/biased against Trump
AllSides - Guardian (their formatting)

HandleHue

silvenga lol, are we really already at the demonisation of whistleblowers without talking about the facts? The chats have been confirmed by everyone, including the US, as true.

Hope for less Trump-lovers responses.

RoxyRoxyRoxy

HandleHue Whether someone is a "Trump-lover" or not doesn't mean their opinion should be discarded in this matter, and it's a little disrespectful to imply otherwise. I believe we as Kagi users can have better discussion than Facebook-tier shit-flinging.
Yes, the US has data-privacy issues that should absolutely be discussed, but these aren't new or unique to the Trump admin, and are entirely separate from how said admin views defense spending. I'd even say that we far surpass Europe in many metrics and legal issues I'd consider essential for Internet freedom and security.

HandleHue

RoxyRoxyRoxy I posted a famous, important and world-known news story explicitly talking about the fact conclaimed that Trump and Pence privately and publicly describe Europe and Europeans with unkind words, let's say.

The response I received was just a rant against The Guardian newspaper, that is, on of the first link I found by doing a simple search (on Kagi by the way) of that news story and it is totally indirritating on the fact itself namely that Trump and Vance hate Europe and consequently many Europeans do not feel too comfortable leaving potentially sensitive data in the hands of a U.S. company because of all the possible implications of the case.

This is the topic, anyone who rants about “the Guardian blah blah blah” is off-topic and is just trying to pollute the discourse.

ak42

RoxyRoxyRoxy I believe we as Kagi users can have better discussion than Facebook-tier shit-flinging.

I totally agree with this.

Let's drop the "my country has a bigger security policy than yours" useless (and wrong - different perspective / different opinons) "debate"
Let's just remember that WHATEVER the country, Kagi will have to comply with local authorities.

This topic, AFAIU, is about trusting the country where data is hosted.
The US, have been known for some time to target non US citizens with their PRISM program. (whatever the gov: democrats and republicans)
It is actually understandable for non-US citizens to want to avoid their data being store in the US.

so as far as I am concerned, as a EU resident, I'd rather have my data in EU datacenters not owned, but rented by Kagi, even if i know for a fact, that my data will not be more "private" but just not at the reach of US gov.

For our data to be "private" we need E2EE.

[deleted]

--deleted--

RoxyRoxyRoxy

[deleted] Not trying to be combative, I genuinely don't know what you're referring to. We have strong protections for free speech and largely unregulated Internet. Again I'm not denying our issues but to imply we don't have freedom more than a little ridiculous.

HandleHue Imo media bias is an extremely important and concerning thing, but I understand how you might see it as polluting the issues. That being said, again, what Trump / Vance / Hegseth / whoever think of Europe's defense spending isn't really relevant to European users' data safety, just as any opinions the Swiss government has on Trump is irrelevant to my data's safety as a Proton user.

HandleHue

RoxyRoxyRoxy I disagree with this point of view: the CLOUD Act is active in the United States, which allows federal agents to force U.S. companies to provide data even on European servers.

The discourse is just different and keep getting around it by talking about something else.

I trust Proton because, thanks in part to independent audits, I know they do not possess data so even if they were politically aligned differently from my thinking this does not affect my security in the slightest. Signal is also secure despite being U.S.-based precisely because it uses end-to-end encryption, has independent audits, and doesn't have data even if it wanted to and can't be forced to hand over data that it actually doesn't have.

The point here is another: Kagi cannot claim or prove with certainty that no data is saved or shared with the government (the fact that Trump is there is just a “more” not THE reason) even because of horrible laws like the CLOUD Act.

Kagi has developed the fantastic Privacy Pass tool which as far as I am concerned solves the root problem on this point but using it you cannot have your own customizations and this makes it, in my humble opinion, a bit useless for everyday use.

So what is hoped and asked for is that Kagi can either be under less crazy legislation than in the U.S. or to have a system, like Signal, that ensures that no data can be saved.

[deleted]

--deleted--

RoxyRoxyRoxy

[deleted]

And "unregulated Internet" isn't always a good thing, especially not if it harms persons or is a thread to democracy.

Going to have to agree to disagree on this one, where is the line drawn? Who decides what constitutes a "harm" or "threat to democracy"? Any well meaning carve-out of free expression will inevitably lead to bad actors using it for their gain and everyone else's' detriment; but we're getting off topic a bit. At the end of the day, right now our Internet services are entirely separate from any views our government puts forth. I'm not denying European Kagi users have a right to an opinion on Trump's words, but they're just that, Trump's words. They don't reflect any actionable policy or risk against Europeans on behalf of Kagi or any other US-based Internet company.

HandleHue ak42 Thank you both for bringing up CLOUD and PRISM, those (and laws like it) are exactly what I was referring to when I acknowledged the US' own issues. I agree that these are absolute abominations of law and policy. These exist outside of whatever side is in office right now, so I think it does a disservice to the discussion that most of what's been said relates to Trump and how he might harm Europeans. We should definitely be focused on material concerns such as those laws and our intelligence-industrial complex. It's also important to remember that intel-sharing (Five Eyes) is unfortunately a thing. Imo it's better to make resilient and secure infrastructure (e.g. Privacy Pass, E2EE) than worry about where data is held geographically.

« Previous Page Next Page »