Zettabox, was founded by former Microsoft exex James Kinsella and Robert McNeal, two years ago, and aims to deliver services to a what they describe as a high data protection standard and give Europeans more control over their data.

Zettabox doesn't own any data centres. It stores its customers' data in leased data centres in eight European cities: Amsterdam, Berlin, Frankfurt, Milan, Geneva, Paris, London and Madrid. It plans to add more cities later. By setting up storage space in data centres across the continent, companies and governments can keep data in their home countries if they want to, said Zettabox..

Will EU privacy law give startups a leg up? Image: iStock/peterhowell
Will EU privacy law give startups a leg up? Image: iStock/peterhowell

Zettabox says that the data centres from which it leases space are all owned by European companies. In some cases, Zettabox owns the servers located in these data centers, and in other cases it also leases space in third-party servers.

The EU is currently working on a new data protection regulation intended to better protect citizens' privacy. Under the plans, companies could be fined up to €100 million (US$113 million) or 5 percent of their global annual revenue in case the rules are breached. A breach would include transferring personal data out of the EU without explicit permission.

So far, Zettabox customers haven't asked that their data be housed in a specific country or city, as long as it is stored in Europe, Kinsella said. That might change in the future, according to Kinsella, who anticipates that the upcoming EU data protection regulation will give countries the flexibility to demand that personal data stay within the country.

The European Commission in May unveiled its strategy for a single digital market, as it aims to get the new data protection rules adopted by the end of the year. At the same time, it also proposed a "European free flow of data initiative" to promote the free movement of data in Europe.

To mitigate European privacy concerns though, many US cloud companies are opening locations in various EU countries. Amazon Web Services for instance opened a second European location in Frankfurt last year to address privacy concerns. Other companies like Salesforce, VMware and Oracle are also opening data centresin Germany.

Privacy is not the only reason to do that though. Opening local branches allows providers to be closer to their customers, which helps reduce latency and improve reliability.

But as an ongoing case involving Microsoft shows, storing EU customer data in Europe doesn't always innoculate US vendors from the long arm of the US government.

In that case, Microsoft is refusing to comply with a search warrant issued by the US Department of Justice to turn over a suspect's emails stored on a server in Ireland. Microsoft argues that US laws do not apply in Ireland.

Its argument was backed in December by companies including Apple, Amazon.com, AT&T, eBay and Verizon Communications, all of which warned the case could impact the willingness of customers outside the US to do business with American tech companies.

That trust was already severely damaged when documents leaked by former US security contractor Edward Snowden revealed the extent of US spying programs. After that, the European Commission demanded the renegotiation of the Safe Harbor agreement that regulates the commercial transfer of personal data of EU citizens to the US

A new deal with better protections for EU citizens' data seems close, but some issues still need to be ironed out, including a clarification about the scenarios in which the US government would demand access to data from EU citizens.