Hacker News

I think the main thing for GDPR is that US based employees should not have access to manage EU datacenters remotely.

Why would a US employee leak personal data just because they’re in the US? It would be a clear violation of employment and probably criminal.

So one concern (and it's not just a theoretical concern; it has happened) is that a US court forces the US branch to use access it has to data held by the EU branch to exfiltrate data. Companies with the highest standards on this stuff will want either a pure-EU host or a host structured such that this can't happen.

Hmm, this is definitely worrying.

US court says hand over the data. German court says that's illegal to do. Complying is illegal and so is not complying.

Not complying with US law is also illegal; now imagine who has more to say in that regard.

Hetzner should split up into two companies.


The CLOUD Act applies to all electronic communication service or remote computing service providers that operate in the U.S., whether those providers are established in the United States or another country.

Fully legal thanks to "cloud act":


That surprises me (not that I'm particularly educated on this), any links to more info on why GDPR requires that?

The Schrems II judgement might be applicable. I know that in the EU-based company I work for we have a strict requirement for all cloud providers to comply with Schrems II, and not send/store any personal data outside the EU.


I was asking specifically about "US based employees should not have access to manage", which isn't necessarily the same thing as "not send/store any personal data outside the EU". You could have data stored inside the EU, but then saying no US-based employees can have access to it seems like another further requirement? Although it may be one under GDPR? But that's what I meant asking for more info about, sorry!
