[zobzu]

is it really just that? I don't think so. Safe harbor has always been a joke to begin with. A promise of good conducts with no checks whatsoever, that's not how humans work.

Forcing the data to be in the EU makes it much harder for the US govt to look at the data in bulk and non-obvious ways, as they now have to either backdoor remote systems or transmit data back, instead of just having their little machine in the datacenter.

Of course, EU will have their own little machine in the EU datacenter, but at least the intelligence gathering is then split (which helps protect EU companies from US companies - in case you did not notice and you're born yesterday, companies govern the world, not the government per se.)

Now to implement user-side and end to end crypto in everything regardless..

[rurban]

Have you forgot about the GHCQ and their "illegal" data exchange to overcome legal hurdles? And I wouldn't vouch for other friends of the USA who exchanges data >10% (the self-imposed german limit) en bulk. Denmark, Sweden and the Neitherlands would come to my mind. In almost every european country are huge US listening posts.

So even inside the EU there's not a safe harbor as you don't know the percentage and the filters in place, the secret interpretation of laws, and cooperation, infiltration and hacking into the main exchanges and cables.

[csirac2]

I think focusing on the intelligence aspects is a bit of a distraction. The court in question was asked whether there was a case to be heard at all ("does this safe harbor thing really do what it says on the tin?") and the outcome as we know was "no", but not (only) due to vague undocumented (by court standards) foreign intelligence activities, but because rather simply the plain fact that unlike an EU operator, EU citizens have no legal recourse against companies in the US in the event of disputes such as the one in question.

It's this lack of legal process which means that the safe harbor agreement did not provide equivalent protections required by the charter, without even considering the spying angle.