> I don't think it's accurate to solely blame the EU when this is in response to legislation that gives/gave the US access to all types of personal data on European citizens.

I would argue that the Americans getting better privacy protections and working with other countries instead of forcing American companies to behave illegally abroad would be a much better solution than the Europeans watering down their privacy laws.

American companies will set up independent shell companies or subsidiaries to serve European customers anyway. Microsoft and Amazon are never going to voluntary leave a market of 400M customers. Doing so would leave too much room for a competitor to grow and then threaten them. So if fragmenting the web means that Europeans get the same services as Americans, but with better privacy, then I am all for it.

Europeans are to blame for the flaws in the GDPR, not for doing their thing without the blessing of the Americans.

Maybe that's true for the Microsofts and Google's of the world. But for smaller companies trying to provide SaaS or PaaS it totally keeps them from entering the market. So in the end it only increases the difficulty to compete in EU and increases the power of these mega corps.

The recent German judgment was also about subsidiaries. If 'Meta Europe ' falls under the cloud act it isn't GDPR compliant.

It’s a simple shell game. Meta US can very well become a subsidiary of Meta Bahamas, and still get licensing fees for its brands and IP from a nominally independent Meta EU.

I agree. Hopefully this is temporary and they can figure out a reasonable compromise. As a Swede I do feel that parts of the EU (with Germany and France) are heading in the wrong direction. Those are not countries famous for their entrepreneurship and it seems like their first instincts in relation to the US are usually protectionist.

I'm also European and I completely agree with you. They're basically taking the whole EU as a hostage to protect their own inefficient domestic companies =(

I can tell you that there's a deep-seated suspicion in the US that for France, much of GDPR's purpose is about enabling protectionism.

The logic is understandable. Surely, if you just get rid of the abusive American monopolies the home-grown companies will take their rightful places... right?

That doesn't seem to be true though. There are multiple countries outside the EU that have an adequacy decisions regarding their privacy laws like: Japan, South Korea, Canada, UK, Isreal, etc. They can host EU data without issues.

The only reason the privacy shield agreement was thrown out was due to lack of safe guards from US intelligence.

Even without the privacy shield, US companies would still be able to store EU data in a country with an adequacy decision if it wasn't for the CLOUD act. This seems more to do with US law wanting access to EU data.

Critically, they want access for for free.

The US does not have to give anything in return to get all the private data from EU they want.

The EU in return gets...nothing.

If you are a politician this is not a great position, you get no money, no jobs and no data.

If they equalize data access, "data sharing" (on an intelligence and on a commerical level) could be a valuable component of future negotiations.

> The EU in return gets...nothing.

The EU gets the services they use....

Of course the users do (and pay for it)

However from a political standpoint that's as good as nothing.

Is there anything restricting US companies from first transferring EU data to a country `A` with an adequacy decision and then transferring that data to the US (assuming `A` allows this)?