by ktta 3431 days ago
Can anyone please explain in layman's terms what this means a bit more clearly?

I think I understood the part where the US is no longer a good place to store data, and that there are no proper privacy laws protecting foreign citizens' data that is stored on US soil. So basically, if you still want to have a proper privacy policy, GTFO your data to non-US servers ASAP.

Anything else? Something I've gotten wrong?

3 comments

EU law requires certain protections for data classed as "personal data" and "sensitive personal data". It especially requires that "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data".

There was an agreement, "safe harbour", with the US, but Trump has issued an EO that contradicts it: https://www.lawfareblog.com/us-eu-privacy-shield-maybe-yes-m...

If that agreement is terminated, then it's no longer legal to transfer personal data from the EU to the US. This affects rather a lot of companies.

https://en.wikipedia.org/wiki/Data_Protection_Act_1998#Defin...

To add to that: Safe Harbor had already been ruled inadequate in 2015 by the European Court of Justice, in light of the Snowden revelations. A new agreement (Privacy Shield) had been drafted and signed in 2016, even though it was considered equally inadequate by everyone except the European Commission.

https://en.wikipedia.org/wiki/Privacy_Shield

There's also the chance that USDoJ vs. Microsoft will land in USDoJ's favour. If so, then if your cloud provider is US-based (e.g. Amazon), then your data can be procured by the US government with an NSL or similar secret court mechanisms without you even being notified. I don't think that people frequenting HN need to have it explained to them why this is bad for US-based cloud providers. Amazon needs to segregate Frankfurt, fast.

Ireland's in the EU too (eu-west-1)

Will US companies really be able to segregate like you suggest? That sounds too easy...

I know of more than one company that has essentially duplicated all of their infrastructure from the US to the EU so they can store EU data in the EU.