[eurg]

Most companies hope to sit it out non-compliantly until the law changes, and seek protection in numbers.

Given the strange situation of repeated, failed attempts at making a cross Atlantic agreement, I wonder how GDPR ever became law.

[thefounder]

You don't need an Atlantic agreement to enforce GDPR in Europe, at least not for multinational corporations.

[eurg]

The failed agreements are meant to make it possible to legally use certain SaaS in the EU, at all. That such agreements seem to be impossible under current law, despite being attempted to create by parts of government, is the interesting part. EU governance is very non-homogeneous even w.r.t. desired results.

[thefounder]

You can't legalise a U.S surveilance program in the E.U regardless of how you wrap it. I think that's what the ECJ ruling is about.