Harry SintonenA lot of services that are supposedly running in EU are currently having significant issues due to AWS US-EAST-1 being impacted. But surely this is just some dependencies that are down and all our data is really stored in EU. Right?
In letter, there currently is the "Transatlantic Data Privacy Framework" in place. However, the functionality of Data Protection Review Court (DPRC) in the USA is in question: "Trump then fired the Democrats in the PCLOB, leaving the five-person board with only one Republican, short of the three needed for it to formally make decisions." (*)
So, in effect, even if you were to appeal to this board, there would be no (just) recourse. In practice, there is no EU-US Data Privacy Framework in place. No one seems to care about this fact.
https://www.euractiv.com/news/deafening-commission-silence-with-no-credible-eu-us-data-oversight-left/
EDIT: *) PCLOB are not the same as DPRC, so supposedly DPRC should be functional, still. However, removal of any dissenting voices is worrisome to say the least. Far more detailed information how these entities interact can be found from: https://cdt.org/insights/what-the-pclob-firings-mean-for-the-eu-us-data-privacy-framework/
Ketumbra@harrysintonen and this news is from March - no change since then that I can find :(
@ketumbra The silence is deafening, indeed. There have been attempts to raise this issue but there seems to be reluctance to tackle the issue.
https://www.europarl.europa.eu/doceo/document/E-10-2025-000540_EN.html
https://www.europarl.europa.eu/doceo/document/P-10-2025-000941_EN.html
@harrysintonen You'd think MS, Amazon etc's compliance teams would themselves be lobbying for this to not scare off EU customers.
Alas, I guess until the money stops coming in, they will never care.
Sovereign clouds is the way to go: https://mastodon.world/@nlnews/115406210111661258
https://infosec.exchange/@ketumbra/114563899446637131
Alas, I guess until the money stops coming in, they will never care.
Sovereign clouds is the way to go: https://mastodon.world/@nlnews/115406210111661258
https://infosec.exchange/@ketumbra/114563899446637131
EU courts are naive to the to level of absurd. Here's a recent decision "Data Protection: the General Court dismisses an action for annulment of the new framework for the transfer of personal data between the European Union and the United States": https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-09/cp250106en.pdf
This bit in specific is quite hilarious:
"As regards, in the first place, the DPRC, the General Court states inter alia that it is apparent from the file that the appointment of judges to the DPRC and the DPRC’s functioning are accompanied by several safeguards and conditions to ensure the independence of its members. Moreover, judges of the DPRC may be dismissed only by the Attorney General and only for cause, and the Attorney General and intelligence agencies may not hinder or improperly influence their work."
Aged like a sour milk, that.