[devit]

How can this work?

If the point of the law and recent court decisions is that data must not be available to US intelligence, then obviously the AWS US datacenters should not be a suitable choice, and the non-US ones probably shouldn't be either (since there is no way to prevent the US employees from covertly accessing them).

Are there loopholes in the law/court decisions?

[csirac2]

A big part of the decision was actually a bit more mundane - the fact that EU citizens couldn't access the same legal recourse for a breach with foreign operators under safe harbor as they could for EU ones.

And so the safe harbor agreement was found not to provide equivalent protections as required by the charter.

[DavideNL]

If "company X" (a customer of Amazon) is sharing EU citizens data through amazon AWS to the US, who is sharing the data? Amazon or "company x" ?

Amazon has approval from EU data protection authorities, but "company X" apparently doesn't need approval?

[stingraycharles]

I don't have a concrete answer to that, but my experience in the online advertising industry and the associated laws tells me that it is the end-user facing company that is going to get the blame in case something goes wrong. They might get away with it in case they really, really did their due diligence and were unable to be aware of any wrongdoing, but that's going to be hard to prove.

For example, if a publisher decides to make money using some shady ad network, and that ad network distributes malware / violates privacy rules / whatever, the publisher is the one that's going to hang for it, not the ad network. This will mean that publishers are naturally incentived to get really good guarantees that the ad network (or, more relevant to this point, the hosting company) isn't violating any laws. I suppose there will be some standardized compliancy test that these hosting companies will be doing to give their clients some assurance that it's safe to host their data with them.

In the end, I think this is good for EU citizens, and sucks for the people who have to deal with the laws.