Hacker News new | ask | show | jobs
by cstpdk 1290 days ago
The content of that link sounds fine in terms of GDPR if one only uses the EU servers. Am I missing something?
1 comments
q-base 1290 days ago
I read it differently, especially in light of Schrems II. EU-datacenters from any of the big US-based providers does not automatically make you comply either.
link
Vespasian 1290 days ago
As I read it the issue is that the American HQ can order their European subsidiary to provide the data.

Hetzner US does not have a European subsidary and therefore cannot violate GDPR (assuming US personal can't access EU customer data).

Hetzner HQ is in Germany and is not allowed to enforce the CLOUD Act outside the US

link
q-base 1290 days ago
That could also be correct.

But if I was under legal/contractual obligations, with Hetzner as my hosting provider, I would have their legal department confirm this.

Since Hetzner found the need for appending the paragraph I referenced, they must have become aware of something.

link
Vespasian 1290 days ago
True.

Now that they are entangled with US law there might be an incentive to be as a cooperative as possible.

Yet, Hetzner is still a "better" option (with regards to data protection) than any of the big US-based cloud providers.

link
baridbelmedar 1290 days ago
Not sure I follow, in what way are they better?

Imho, as soon as you do business with the US or trade in US Dollars, you need to play nice with the relevant authorities.

If I understood it correctly, Hetzner is now "infected" in the same way as the three US cloud providers are. The Schrems II verdict and Cloud ACT basically concludes that no European company can exist in the US and vice versa without having to deal with the same pesky legislation.

An alternative could of course be that Hetzner created a new US based company where the EU parent Hetzner company only holds a minority ownership in the new US-based company. The EU based parent company in turn then "sells" its technology to the new US company. This way, the arrangement becomes more reminiscent of how IBM has sold its mainframe to European companies...

link
welterde 1289 days ago
Why would it matter at all if it's a minority or majority stake in the ownership of the US subsidiary? As far as I understood it the combination of GDPR and CLOUD act only disallows the combination of US mother-company with EU subsidiary, but the inverse should be fine, since the US has no legal influence over the parent company?
link