I like Jaws
Good thoughts. But if you took care of your contracts and transfer impact assessments, it was possible to be compliant with the GDPR while using good US service providers. Also, the US are catching up in regards of privacy laws and California is just one good example for that. Some ideas in there exceed the GDPR in ways that protect people even better. And yeah, I’m speaking as a European data protection lawyer here and not the typical “USA, USA” fanboy. Credit where credit’s due
Safe Harbour and PS1 were bad from the start. This one actually has the chance to grow into something. It’s a solid basis and they learned from some mistakes from the past. Will be interesting how / when the US actually implements the promises made in the framework. I hope this time they take it more seriously. From a European perspective the option to have a competent partner for dialogue and questioning in the US was a big issue in the past. Plus, if the companies certified under it don’t include the types of data that are of interest to you under this framework, you are still protected by the other mechanisms under GDPR (SCCs and BCR), so chill. Meta won’t qualify for this one anyway, but a good US company like Microsoft does and that fixes a lot of political questions here in the EU in regards of the use of M365.
This worked. Thank you, friend