vladms 2 hours ago

You don't give any reference that we can look up regarding the problems you mention (ref: "if you're using any service touching data in any part of your business even remotely connected to the US or any non-EU country (so, almost everything"). They might be very reasonable, but it seems we miss the point if we don't talk in a bit more detail.

What services are you talking about? AWS? Microsoft? Some small startup? Gmail? What data? etc.

pembrook an hour ago

Literally everything.

The fundamental issue is the EU doesn't like that US intelligence agencies have the ability to subpoena any server associated with US firms or companies that use US firms. However, the vast majority of the entire tech industry touches the US in some way.

Here's a good primer: https://trustarc.com/resource/schrems-ii-decision-changed-pr...

Last year the EU and the Biden administration came to an agreement (the second of these after the last was shot down). The current one may not stand either.

If it doesn't, and you're an EU company who has an employee using something as trivial as Notion, you're already in violation (even if Notion is otherwise GDPR compliant, the US gov can subpoena them and look at their data, meaning they can be declared de facto non-compliant).

This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.