|
|
|
|
|
|
by cnorthwood
1565 days ago
|
|
|
IANAL - but no, you definitely don't. What you do need to have in place is safeguards that any data on EU customers not hosted in the EU/EEA is subject to the same safeguards/level of protection outside the EU that it would be inside the EU. There are "standard contractual clauses" (SCCs) provided by the EU which are the easiest thing to adopt as part of (or an appendix to) your terms of service. However there is doubt that it's possible for a US-based firm to comply with the SCCs due to some US national security laws, which you probably do need a lawyer to review based on your specific context (data you're collecting, etc) |
|
|
I've working for someone who has had a hard time expanding outside of NA, so it feels like I'm living on a mountaintop, and I'm still not clear on what data can live say in a central accounts database.
Sharding is a solution whose scope has been diminished substantially by consistent hashing, but with all of these provenance laws it sounds like we need something that is a hybrid of the two. Irish users' data can be stored in Ireland, Germany, Greece, and Spain, but if they're sitting in a hotel room in Chicago realizing that when people said, "it's cold in Chicago in the winter" they meant, "don't go to Chicago in the winter," not, "pack your scarf and wool socks", and so they're complaining to their friends online instead of going to MoMA in the sludge, we can't pull their user data from Ontario, we have so schlep all the way back to Cork or Brest to get their account information. Which means you have some sort of hashing of shards or shards of hashing...