This article discusses the data embassy, a new international legal concept created in response to a pressing problem. In 2007, Estonia fell victim to ‘distributed denial-of-service attacks’ and consequently, made Estonia's entire public sector data communications network inoperable. Their response was to strengthen their protection against and penalization for cybercrime, and to develop the concept of a ‘data embassy’. On 20 June 2017 the Republic of Estonia and the Grand Duchy of Luxembourg signed an ‘Agreement on the hosting of data and information systems’, to host Estonian data in Luxembourg. Such data embassies perform a unique function and benefit from many privileges and immunities, but their legal status has been unclear. This article addresses the question concerning the legal status of the premises of the data embassy.
