Your data might be in Europe but your risks are not
Most organisations I work with have no idea where their data lives. None.
Some might use UK and EU data centres for some of their infrastructure, such as their website. That might sounds reassuring, but they're missing the bit that really matters.
The thing is, when you rely on US-based tech companies, you take on risks that sit in the small print rather than the marketing page.
Tom Watson and I have created a new initiative as an attempt to help bring those risks into the light.
Risk #1: Jurisdiction
On the TechFreedom site we ask a simple question:
Where does your data actually live?
We're not just talking about geographically, on a map, but in legal terms. Under whose laws are you operating?
If your organisation stores sensitive data with a US‑headquartered provider, that data can still be subject to US access requests – even if the servers are physically in the EU.
As I pointed out in a previous post, Microsoft France had to spell this out to the French Senate in June 2025. They could not guarantee that French customer data in French data centres would be shielded from US government demands.
Once you realise this, simply knowing that your data is physically located in Europe stops feeling... quite so reassuring.
Risk #2: Business Continuity
Over at TechFreedom we also talks about business continuity in very plain language:
What happens when a platform changes the rules?
Depending on a single provider means you are vulnerable. Prices can jump, terms can shift, and features you rely on can be removed. In the worst case, you can be locked out.
For a lot of charities, co‑ops, and small organisations, this is not an abstract concern. One big change to pricing or access and the organisation stops working properly.
Part of this work is about reducing single points of failure and building systems you actually own and control, rather than just rent access to. We can help you do that.
Risk #3: 'Quiet' Surveillance
The third strand on the site is about surveillance:
How much does your tech stack know about you?
Most people have a rough sense that the tools they use collect data about them. But fewer people have looked closely at what is collected, how long it is kept for, and who it is shared with.
The line between “analytics” and “surveillance” has blurred in recent years. A lot of software watches staff, volunteers, and the people you serve, in ways that are not visible unless you go looking. The fact the server happens to be in London, Amsterdam, or Frankfurt does not change that.
What we are doing with TechFreedom
So, what are we actually doing?
TechFreedom is a small‑cohort programme for organisations who want to know what they are really working with, instead of guessing.
In each cohort we will:
- map your data flows and jurisdictional exposure
- look at where sovereignty matters most for your organisation
- check how dependent you are on single providers
- audit your tools for data collection and quiet surveillance
- work with you to find alternatives you can see and trust
We're not aiming at perfection. Instead, we want to help you run an organisation that is stable, more independent, and more transparen about the trade-offs its making. At the end of the day, it's more than just switching apps.
Tom and I have both spent years helping social purpose organisations think about technology, risk, and values. This is us pulling that into a focused piece of work for people who are ready to move beyond feeling uneasy about Big Tech and towards we've got a plan.
Want to be in the first cohort?
TechFreedom is currently in development. We are putting together the first small cohort of organisations who want to take a clear‑eyed look at their tech stack and the risks that come with it.
If that sounds like you, add your details at techfreedom.eu. We will let you know when the first cohort opens.