Hacker News new | past | comments | ask | show | jobs | submit login

Sounds like a golden opportunity for someone to set up an EU company that is EU law compliant and start marketing themselves to banks and bodies that need this.



Problem is banks and similar institutions that "need" this don't really believe they need it, and see such rulings as more anti-American BS. So they find ways to comply that are absurdly minimal, like using Azure datacenters that are only in the EU. This achieves nothing, it's all still a software stack written in the USA, but it lets them tick the box that says "data resident in <European jurisdiction>".

There are ways to run operations in a way that comply with the spirit of these rulings. Hetzner, OVH and other cheap mini-clouds are EU based and have only EU datacenters. Guess where banks want to go? "The cloud" because "the cloud" is "the future" and they institutionally suck at running IT departments of any kind. So they ignore those offerings and find workarounds that let them outsource it all to the Americans who for various reasons just seem culturally better at making software companies.

The other problem that discourages people making EU compliant companies is the term is meaningless. EU is famous for rather weak rule of law. The courts have a history of "discovering" entirely new laws in vaguely written rights or regulations, like the famous right to be forgotten that caused and still causes endless operational pain. Not a law written by any lawmaker, not even the unelected opaquely appointed bureaucrats that write laws in the EU. A law literally invented in the courts themselves.

Because these laws are effectively invented by the courts or by a quasi-government that doesn't really have its own police forces or much of an enforcement infrastructure, this means many EU regulations aren't really enforced. Compliance is kind of on the honour system. So if you're selling compliance, but it costs a lot more than a US based solution that basically ignores these rules whilst claiming they don't, then you'll lose out to your competitors.

The final problem is, again, all this stuff is just legal posturing. The EU has a long history of having intelligence agencies just as aggressive as the NSA, and cutting deals with the USA to get access to US intelligence in return for data (see the SWIFT transfer programme). The EU and its fans like to claim there's some sort of deep cultural difference between Europe and America with regards to privacy, but when you strip away the press releases and look at the actions these countries/EU really make, there's virtually no difference. This is another reason why banks and other firms don't take it too seriously at their core.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: