23 June 2015

Iceland and data security

 In 2010 the government of Iceland decided it wanted to create a haven for new media that would be at the forefront of data security in Europe and perhaps the world. Since then the many data centres have been built in Iceland. Why would you store your data in Iceland? Deutsche Wella recently did a video piece on the topic.

Although an island, Iceland is only a few hours away from major capitals in the West. As an island it may be that it is less susceptible to large-scale physical attack on data centres (although to be fair, I’ve never heard of one occurring anywhere). Iceland has renewable energy, and one would imagine that cooling might not be too expensive even in summer. Verne Global's facility has a Level 3 connection, providing direct connectivity to many countries. Iceland might be also considered as being physically between Europe and the United States. The government of Iceland has partially funded development of these data centres, and it has some of the most stringent data protection legislation anywhere in the world — don’t forget that this is where the Pirate Party was founded, as well as the forerunner of the International Modern Media Institute, the Icelandic Modern Media Initiative. Both these organisations have had the aim of protecting and promoting freedom of expression and the freedom of information.

Iceland has an interesting piece of legislation — the Act on the Protection and Processing of Personal Data, number 77/2000. The purpose of the act is to promote the processing and collection of data in conformity with data protection and the right to privacy. The Icelandic Data Protection Authority can enter any premises where personal data is being processed without a court order. The purpose of these powers is to ensure compliance with the law.


A proposal being pushed by activists is a right to “data asylum” which might position Iceland as a data privacy haven. The International Modern Media Institute (IMMI) and its predecessor have been promoting legal frameworks for privacy in Iceland for five years, and Hörður Helgi Helgason , the ex-CEO of the Icelandic Data Protection Authority, has recently been named chairman of the steering group of the IMMI. Unfortunately, despite the high profile support to put Iceland at the forefront of data privacy, there is still some way ago.