[number6]

The cloud act allows US agencies to gain access to all data a US Company has access to regardless the physical location. This in turn means that a EU Company can't guarantee that the data isn't transferred out of the EU. To transfer data out of the EU one either needs a legal framework or consent. Consent has to be given in an informed manner, but since the company does not know for what reasons an US agencie can access the data they can not inform the person correctly under gdpr. A legal framework has to comply with the EU Charta. Indiscriminate access to information is not in compliance with the EU Charta so a framework cannot exist.

It's a legal deadlock.

[philistine]

Which the EU will solve by forcing companies to erect a legal firewall; otherwise they would define their laws as being underneath American laws with anything related to a US company operating in Europe.