The fundamental issue is the EU doesn't like that US intelligence agencies have the ability to subpoena any server associated with US firms or companies that use US firms. However, the vast majority of the entire tech industry touches the US in some way.
Last year the EU and the Biden administration came to an agreement (the second of these after the last was shot down). The current one may not stand either.
If it doesn't, and you're an EU company that has an employee using something as trivial as Notion, you're already in violation (even if Notion is otherwise GDPR compliant, the US gov can subpoena them and look at their data, meaning they can be declared de facto non-compliant).
This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.
Yes, using USA-based services with user data is against GDPR.
But sorry, saying "literally everything" is a gross exaggeration. Debugging a program with the help of ChatGPT is not using user data. Editing a logo is not using user data. Storing code on a web platform is not using user data. And others...
And even then, for some of the services (like mail, communication, ERP, etc.) there are alternative companies in Europe that work just fine.
I think GDPR is not perfect, but I do welcome measures to prevent over-collection of data by whomever.
> If it doesn't, and you're an EU company who has an employee using something as trivial as Notion, you're already in violation
There are only two possible interpretations of this sentence:
1. You have just confessed to a crime. Do your engineers store user data in Notion?
2. You have just confessed to not having even a single clue about GDPR and what it entails. Your engineers using Notion will not make your company liable for GDPR unless bullet point 1.
> This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.
Ah yes. Your shitty company selling user data left and right to "our privacy-preserving partners" is the same as "access to US intelligence in the context of Russia-Ukraine"
Ah, you again! I see you’ve looked up all my comments to respond with vitriol to all of them. Doesn’t help to undermine my point that this has become a topic of religious dogma here.
No, I am not selling user data, nor is the vast vast majority of companies affected by GDPR. Please do not assume bad faith as it ends useful discussion (and is against HN guidelines).
So you believe GDPR and the ePrivacy directive (which people here unknowingly conflate) are the most perfect words ever put on paper and there is nothing that could be improved?
> Ah, you again! I see you’ve looked up all my comments to respond with vitriol to all of them
You think yourself more important than you really are. I've replied to many comments in this discussion, and three of them, I think, happened to be yours. Two of them happened in the same thread. This one.
> No, I am not selling user data, nor is the vast vast majority of companies affected by GDPR. Please do not assume bad faith as it ends useful discussion
Ah yes. Where good faith is "GDPR is bad because welfare state and US intelligence"?
> So you believe GDPR and the ePrivacy directive (which people here unknowingly conflate) are the most perfect words ever put on paper and there is nothing that could be improved?
So, good faith and non-circular arguments are assigning words to opponents and trying to make them argue something they never said, apparently.
Imagine if the anti-GDPR crowd actually argued in good faith. I can't. Because of behaviour like this.
Here's a good primer: https://trustarc.com/resource/schrems-ii-decision-changed-pr...