> but will continue to go back and forth if GDPR remains as-is.
Yes, it should remain as is and enforced. Yes, storing your users' data in the US is extremely problematic because the US really couldn't give two shits about privacy, or user data.
It's funny that the President of the United States literally stated that the European Union's raison d'etre is inherently hostile to the US - pretty much as close as you can get to calling us an enemy - and yet EU politicians still desperately cling to holding the doors open for US corporations which continue flaunting our laws and are inherently incapable of abiding by them because of the US's publicly stated and demonstrated intent to commit warrantless surveillance under the use of gag orders.
Given how much Russian political influence tanked after the economic ties were forcibly severed (or at least had to become more discreet and indirect as in the case of Russian gas imports - though those will allegedly further decrease in the near future) it seems reasonable to assume that a lot of these weirdly pro-US anti-EU stances held by European politicians are linked to the economic ties to the US. But of course I'd never dare to accuse any EU politicians of taking bribes - us Westerners have far more sophisticated methods of giving politicians money to do what benefits us than the profane bribery of Russian cops being handed money to look the other way.
I get it, it's fun to take wildly impractical ideological stances on things and ignore reality.
However, this generation is beginning to learn the lesson every generation learns: one has to deal with the world as it is, not as one wishes it were. Scarcity exists.
Unfortunately, in globalized economic reality, you will have to transfer data to other countries to conduct business.
Unfortunately, in fossil fuel driven reality, you can't just go off fossil fuels by switching to paper straws, you have to actually build viable alternatives first.
Unfortunately, in non-world-peace reality, you can't just stop having a military and become pacifist. Turns out you still need missiles and tanks.
Unfortunately, in low-birth and low-economic-growth reality, you cannot let people retire at 62 and draw inflation-pegged pensions until death.
Unfortunately, in non-0 interest rate reality, governments can't keep deficit spending to prop up a broken socialist economic model.
What I'm learning that this generation will find way to justify any and all activity by any and all industries using any number of logical leaps and non-sequiturs, and will fight any way to make the world even a slightly better place because "low-birth and non-0 interest rate" or something. Or that 15000 invasive trackers have to keep my precise geolocation data for 12 years because "scarcity".
None of this is really true, though (except the paper straw thing which... obviously)
> Unfortunately, in non-0 interest rate reality, governments can't keep deficit spending to prop up a broken socialist economic model.
Governments have deficit spending because we subsidize private inefficiency at a social level and refuse to run them efficiently. It's insisting on letting private entities run things that is clearly not working.
You don't give any reference that we can look up regarding the problems you mention (ref: "if you're using any service touching data in any part of your business even remotely connected to the US or any non-EU country (so, almost everything"). They might be very reasonable, but seems we miss the point if we don't talk a bit more detailed.
What services are you talking about? AWS? Microsoft? Some small startup? Gmail? What data? etc.
The fundamental issue is the EU doesn't like that US intelligence agencies have the ability to subpoena any server associated with US firms or companies that use US firms. However, the vast majority of the entire tech industry touches the US in some way.
Last year the EU and the Biden administration came to an agreement (the second of these after the last was shot down). The current one may not stand either.
If it doesn't, and you're an EU company who has an employee using something as trivial as Notion, you're already in violation (even if Notion is otherwise GDPR compliant, the US gov can subpoena them and look at their data, meaning they can be declared defacto non-compliant).
This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.
Yes, using USA based services with user data is against GDPR.
But sorry, saying "literally everything" is a gross exaggeration. Debugging a program with the help of ChatGPT is not using user data. Editing a logo is not using user data. Storing code on a web platform is not using user data. And others...
And even then, for some of the services (like mail, communication, erp, etc.) there are alternatives companies in Europe that work just fine.
I think GDPR is not perfect, but I do welcome measures to prevent over-collection of data by whomever.
> If it doesn't, and you're an EU company who has an employee using something as trivial as Notion, you're already in violation
There are only two possible interpretations of this sentence:
1. You have just confessed to a crime. Do your engineers store user data in Notion?
2. You have just confessed to not having even a single clue about GDPR and what it entails. Your engineers using Notion will not make your company liable for GDPR unless bullet point 1.
> This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.
Ah yes. Your shitty company selling user data left and right to "our privacy-preserving partners" is the same as "access to US intelligence in the context of Russia-Ukraine"
Ah, you again! I see you’ve looked up all my comments to respond with vitriol to all of them. Doesn’t help to undermine my point that this has become a topic of religious dogma here.
No, I am not selling user data, nor is the vast vast majority of companies affected by GDPR. Please do not assume bad faith as it ends useful discussion (and is against HN guidelines).
So you believe GDPR and the ePrivacy directive (which people here unknowingly conflate) are the most perfect words ever put on paper and there is nothing that could be improved?
> Ah, you again! I see you’ve looked up all my comments to respond with vitriol to all of them
You think yourself more important than you really are. I've replied to many comments in this discussion, and three of them, I think, happened to be yours. Two of them happened in the same thread. This one.
> No, I am not selling user data, nor is the vast vast majority of companies affected by GDPR. Please do not assume bad faith as it ends useful discussion
Ah yes. Where good faith is "GDPR is bad because wellfare state and US intelligence"?
> So you believe GDPR and the ePrivacy directive (which people here unknowingly conflate) are the most perfect words ever put on paper and there is nothing that could be improved?
So, good faith and non-circular arguments are assigning words to opponents and trying to make them argue something they never said, apparently.
Imagine if anti-GDPR crowd actually argued in good faith. I can't. Because of behaviour like this.
The EU nations can't even get their own government's running on non US software/clouds. If GDPR was actually enforced like that you might as well just dissolve the EU and let each nation apply to join the USA for all the relevancy the EU will have on the world afterwords.
Yes, it should remain as is and enforced. Yes, storing your users' data in the US is extremely problematic because the US really couldn't give two shits about privacy, or user data.