1. I'd go with an EU based company over almost anywhere else, except maybe Switzerland or Norway. EU privacy law is the most mature; it has the broadest definition of personal data so it is more likely to apply to any given situation; it provides you with the most rights, including rights to access/correct/delete your personal data, and some rights to obtain redress; it obligates EU companies to provide reasonable and adequate protections for your data (i.e. some security). In addition, they have some legal restrictions on transferring data out of the EU or allowing it to be accessed from outside the EU. While there are exceptions for access to your personal data for law enforcement, national security, judicial or other reasons, this is true of every privacy law that I'm aware of globally.
2. I'd go with a company that doesn't have business operations outside of the EU. Even with the EU's cross-border transfer restrictions, when you do business with a company with business operations outside the EU, you are at greater risk, imo, of your data being transferred to a jurisdiction that doesn't provide as many protections.
3. Within the EU, for too many reasons to go into here, I'd probably go with a company in Germany, Denmark, or Sweden, maybe UK.
Slashdot Mirror
1. I'd go with an EU based company over almost anywhere else, except maybe Switzerland or Norway. EU privacy law is the most mature; it has the broadest definition of personal data so it is more likely to apply to any given situation; it provides you with the most rights, including rights to access/correct/delete your personal data, and some rights to obtain redress; it obligates EU companies to provide reasonable and adequate protections for your data (i.e. some security). In addition, they have some legal restrictions on transferring data out of the EU or allowing it to be accessed from outside the EU. While there are exceptions for access to your personal data for law enforcement, national security, judicial or other reasons, this is true of every privacy law that I'm aware of globally. 2. I'd go with a company that doesn't have business operations outside of the EU. Even with the EU's cross-border transfer restrictions, when you do business with a company with business operations outside the EU, you are at greater risk, imo, of your data being transferred to a jurisdiction that doesn't provide as many protections. 3. Within the EU, for too many reasons to go into here, I'd probably go with a company in Germany, Denmark, or Sweden, maybe UK.