Usage of EU subsidiaries of US cloud providers deemed unlawful by German court (gdprhub.eu)
92 points by srrr | 2022-08-08 13:40:21 | 238 comments

Golem.de article key phrase: "The use of a US cloud service can justify exclusion from a public procurement process."

(The emphasis is mine. Almost all commenters here so far seem to think it's broader than this, which it isn't.)



What's the "proof" here and what is "this" referring to?

Isn’t this sort of what we accuse the Chinese of doing? The US designs the technology and then the Chinese manufacturers steal that design to make their own?

Except now, the EU is more or less forcing American companies to sell unaffiliated spin-offs to the EU to continue doing business there. Seems a bit underhanded to change the rules now after so long, especially considering the fact that the EU can’t make these companies for themselves or they would have already.


This is germany still, not the whole of the EU.

But it does show how an all-reaching law like GDPR can have strange consequences…


Isn't the crux of the matter the all-reaching laws of the US that allow their intelligence agencies to order EU subsidiaries of US companies to offer up their data..?

I would be frankly shocked if EU countries did not have the same laws on the books. If a German court serves Volkswagen AG a warrant for data kept by Volkswagen America, can Volkswagen AG just not comply?

They can fight in an American court. The issue is the CLOUD Act, which was passed explicitly to fight EU companies fighting US government data requests in EU courts.

Pretty sure EU countries cannot in fact (in general) demand personal data of anyone from EU companies without due process. If you can find law to the contrary, let me know.

The warrant is due process.

The procedure and requirements for obtaining a warrant under the CLOUD Act are not sufficient due process according to EU law - which is the law that matters when operating a commercial business in the EU.

Sure, and US can pass a law saying that safety regulations of Airbus planes made in France are not sufficient either. Americans just don’t like flying in unsafe planes!

If you talk to actual people in Europe, outside of HN, you’ll find that overwhelming majority of people do not give a flying fuck about the “safety of their data” from US government. They just blissfully post shit on Facebook with no care in the world. This matter is a concern mostly to politicians and to activist hacker types.

This is not to say that this is not a valid concern to have, but I’d like people to spare me pretending that it’s about politicians caring about people’s rights, when just past few years they trampled all the rights in the interest of fighting coronavirus (and if you want to argue that it was all worth it, because the goal justified the means, keep in mind that the US government can say the exact same thing about its data access!). This is just standard power politics, a protectionist trade war whitewashed with talk about “rights” and “privacy”, only surprising thing is how people on HN are gobbling it up. I guess maybe that’s just willful ignorance - by pretending you don’t understand why EU actually attacks American companies like that, you might actually get some extra privacy protections you care about.


> Sure, and US can pass a law saying that safety regulations of Airbus planes made in France are not sufficient either. Americans just don’t like flying in unsafe planes!

If you cannot see the difference between this and the GDPR, I have no idea why we're talking. The GDPR is some pretty reasonable law, for the most part - if we had carve-outs for Americans who don't have to adhere to it, it would be entirely pointless.

The US is very welcome to end this by repealing their spy law.


Actually, it would be worse than pointless - it would advantage American firms over local ones, since only the local ones would have to obey the privacy laws, thereby allowing US ones to undercut local firms with funds obtained from selling user data.

> Sure, and US can pass a law saying that safety regulations of Airbus planes made in France are not sufficient either. Americans just don’t like flying in unsafe planes!

That would be rather awkward for Boeing, who would have to strip out half the engines on its 787s and all its 737-MAXes for being certified by the same "insufficient" safety standards.


The US specifically passed the law to bypass due process.

If you think a warrant should apply from an outside jurisdiction imagine Mississippi issuing a warrant to arrest a Californian abortion doctor.


A German court cannot, in fact, serve a court order on Volkswagen America. (Technically it can, but the order is not enforceable.) A German court is also forbidden to force Volkswagen AG to reach into Volkswagen America because these are separate legal entities.

A German court would use judicial assistance and ask US law enforcement to help. US law enforcement would then adhere to local laws and protect the rights of US citizens while trying to help.

This is named Mutual legal assistance: https://en.wikipedia.org/wiki/Mutual_legal_assistance_treaty .


The crux is that in most cases the EU subsidiaries are not even set up to prevent that. They just roll over. Someone else tracked down the AWS GDPR compliance document the court case cites a few times, any governmental agency can request data transfers out of the EU. The document isn't even specific on which government and as far as I understand the North Korean government could request all EU users data and AWS would provide a download link without even thinking twice.

Doesn't seem strange to me; I'm surprised it got to court.


FWIW I live in Europe now and am enjoying it XD, but I still call a spade a spade.

I just hope Germany pulls its head out of its ass before it supports China's ascension to global supremacy. We told them not to overly rely on Russian gas for like 40 years but ¯\_(ツ)_/¯


I'm sure. It's really a lovely place full of lovely people. And the standard of living is still relatively high. They are their own worst enemies sadly.

If you don't like it then take your business elsewhere.

They're taking a hard stance on the on-selling of user data. Since they can't influence Washington to do the same, do they have any other option?

Given American companies have been, to put it most graciously, cavalier with user data, and that we are at the beginning of a revolution where user tracking in retail spaces becomes ubiquitous, is it fair to characterize this move as a primarily profit-oriented one?


If you cared about your fellow citizens, you could have the same. But judging by the hordes of mentally ill people wandering aimlessly around your cities harassing strangers (including visitors such as myself)—you don't.


I think it is more about the US flaunting in everybody else's face once too often that humans are not equal and that even when it comes to very basic rights, there is the US human and the other human.

Those US companies are free to not be on the EU market, just saying

This sword cuts both ways. US can also stop sales of Airbuses, Volkswagens, IKEA furniture etc. under some fishy premise. If EU does that to US companies, why shouldn’t US do it to EU ones? This kind of tit for tat trade war would be a loss to everyone compared to cooperation, but is still preferred to cooperating with a defector.

A comparable move could be for the US to forbid using EU-hosted services to, e.g., store medical records of US citizens, no?

No, because Germany doesn't have that big of an IT space. Aerospace and automotive would be good sectors to hit back with because they are relatively more important to Germany than IT is for the US.

OK, but not wanting our personal records to be arbitrarily seized by the US government is very reasonable. Your government made a law that lets it spy on us... that's your problem.

I don't think it's reasonable that I'm paying more than my share of taxes for the defense capabilities that allow Europe free access to a stable world market and the roughly rules-based international order that underpins the export economy of Germany in particular. If Europe would fix that, I'd feel a lot worse about the spying.

Complete and utter non-sequitur but I'll humour you.

I never understood American magical thinking that blames Europe for US military spending. In the end, if you want to cut military spending, you can.

Regardless, you're the hegemon. I don't accept that you don't benefit from that position.


I don't think it is a non-sequitur. The spying is part of the overall defense structure that enables the German export economy to function.

EDIT: It's like saying "This thing you're giving me that allows my whole economy to function, I don't like the consequences of how you're doing it."


No one’s making the US do that. Just stop the military spending.

Of course that means the US will no longer be a global superpower, but the US can freely choose that.


So you're essentially admitting that this is about revenge because Germany cares about its citizens' privacy and due process.

I'm saying that if Europe decides it wants to block off parts of its economy, the US would be perfectly justified in doing the same (to everyone's detriment).

I could imagine a US based law that banned the sale of any durable goods produced by a company headquartered in a country that still got more than 5% of its power from lignite coal due to a strong climate commitment. That's tailored basically only to impact Germany. Is that fair?


How on earth is "the US is able to demand personal data of EU citizens without due process" a fishy premise?

Isn’t this the case with all sovereign countries, though? You can never guarantee that a government won’t demand a company in that country to hand over data, that is what it means to be sovereign.

Generally speaking, we look at the legal system in the country and decide whether it is /legal/ for the state to do such a thing, and whether there are appropriate safeguards to prevent it from doing so. Yes, they could change the law - and at that point it would become illegal for companies in that country to do business in the EU.

Usually most countries are smart enough not to damage themselves economically by preventing their companies from selling to a large, reasonably rich union.


> Yes, they could change the law

They could also just not follow the law


Indeed. A country which fails to follow its own law on privacy would likely be considered a country which does not have appropriate law on privacy.


There is no tit for tat; we European citizens don't want our personal data to be accessible to the US government and their respective secret agencies.

The US government will not back down from their policy and so we do neither, but since we otherwise enjoy a great partnership and alliance, we take this issue pretty "dry and emotionless"; trust me, there are no hard feelings or ill intentions.


Sorry to be so blunt but every EU competitor sucks ass. So if the EU has it their way, it is us Europeans the ones getting fucked.

It’ll be bad for a while, but alternatives will pop up. There’s plenty of money to be made.

Europe is Apple’s third largest market, making $90 billion last year alone. You don’t think other companies will step up for even a tiny percent of that?


Why haven't they? OVH is probably in the best spot to do so but their offerings are trash compared to Amazon/Google/Microsoft's.

It’s way easier to set up a business and get funding in the US, with a lot less bureaucracy.

If those US companies were to go away however, the market will adjust to Europe/Asia grown companies.


Why should they? Europe signed free trade agreements and promised they would open their markets to the USA if the USA reciprocated. Excluding American companies from doing business seems a pretty big violation of this. I guess EU is free to cancel those free trade agreements, but they aren't free to just ignore them and just make it illegal for American companies to do business in Europe because of privacy rules that exclude American companies purely on the fact that they are American.

American cloud companies spy on European citizens on behalf of American government. This is illegal under European law.

Safely trusting a US-based company with data _at the very least_ requires that the US doesn't have a law that allows them to spy on us.

How this does not compute for Americans, I cannot even comprehend.


> Europe signed free trade agreements and promised they would open their markets to the USA if the USA reciprocated.

I'm unaware of any free trade agreements with the US: https://en.wikipedia.org/wiki/European_Union_free_trade_agre...

The US only has free trade agreements with some American countries and South Korea/Australia outside: https://en.wikipedia.org/wiki/United_States_free-trade_agree...

But this is all irrelevant because free trade doesn't trump rights (privacy/due process/etc).


No?

This is the obvious outcome of the US government's repeated and explicit statement that non-US residents do not have any due process rights and thus no warrant requirements, followed by - when companies tried to compensate for this abuse by creating subsidiaries in the EU - stating that the US government also had access to all subsidiaries' data, again with no due process protections.

What did the US government think would happen when they made it clear that no US company could provide due process protections for any EU data that they possessed?

This has nothing to do with the “IP theft”, but rather the inability of US companies to comply with universally applicable EU law.


True, this is the crux of it

If you let all subsidiaries of M/G/A be within reach of US courts (including customer data), don't get surprised when other countries treat it as toxic.

The US gov would never accept this in procurement, so why should other countries?

On the case in question, it seems the company changed the tender document to take out some (protection) clauses


Yeah, the late (post-acceptance?) changes seem questionable on their own. Presumably they were reminded that the US government argued and won with the Supreme Court that they have unfettered access to all non-US-resident customer data of all US companies, and said companies' subsidiaries, regardless of local laws. After all, as we know the US Declaration of Independence says "We hold these truths to be self-evident, that all residents of the United States are created equal, that they are endowed by their Creator with certain unalienable Rights".

Honestly, nationally-owned spin-offs aren't an issue. If that's all that doing business with China entailed, I think people wouldn't be so mad, but unfortunately there are other practical and moral compromises needed. The EU may be challenging in certain ways, but at least they play by their rulebook and champion public interest a lot of the time.

I hope you are aware that "the cloud" is not some secret, mysterious piece of technology that the EU can't figure out. We have software engineers as well as data centers and EU-based cloud companies. Digital consumer networks were established here long before the U.S., and the internet was invented here. Your arrogance is grating.

> the internet was invented here

In Europe?


Well the Web if you prefer.

They're two different things. The Internet was invented in the US. I'm European as well, but not sure why you'd need to overreach to claim we invented the Internet.

Packet-based networking was invented in the US...

The internet was created by meshing many different networks together (mostly ARPANET and NSFNET).

Networks which now form the backbone of the internet also existed in Europe at the time, mainly in Britain and France.


Yes we are all aware they are different things, I made a semantic leap because the terms are used interchangeably in common parlance. I should have known a technical forum would take me up on that.

They mean the WWW, which is really what the Internet has always been about. And yes, it was invented in Europe.

The web browser which actually made the web usable and popularized it was Mosaic.

"Mosaic was developed at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana–Champaign beginning in late 1992." -- Wikipedia

Other than Linux's European origin, Europe has not produced any viable operating system or browser. It continues to rely on key software of American origin, like the rest of the world.


This is one of those "pizza was invented in New York City" arguments. Popularized and refined != invent.

The Brit Tim Berners-Lee designed the architecture, wrote the first browser and web server, and wrote the first HTML spec at CERN around 1989. Mosaic was released in like 1993 after Berners-Lee released his specs and source.

To claim the internet was invented in Europe is equally absurd.


> which is really what the Internet has always been about

Internet created 1983. WWW created 1989.


Right, and the goal of this sort of ruling is to make sure that those EU-based engineers have work and get paid. It has nothing to do with consumer protection or privacy. If it did, EU companies that have servers in the US would be banned from processing EU user data for the exact reason spelled out in this ruling.

> Digital consumer networks were established here long before the U.S.

Really? In some places in Europe, people were starting to get excited about dial-up BBSes in the mid nineties, a decade after they were on their way out in North America.

In 1994 I was doing contract work in Vancouver on a website with paying subscribers.


> Really? In some places in Europe, people were starting to get excited about dial-up BBSes in the mid nineties.

What is your point exactly? Half of Europe was still transitioning to a market economy or in a (civil) war/conflict in the 90's.

I am also sure that a lot of places in the US didn't have internet access in the 90's.


> Half of Europe was still transitioning to a market economy

Sure, but not, oh, Sweden.


I'm European and I'll happily admit there is no EU alternative to AWS, GCP, Azure. The breadth of services _on_, and the amount of engineers able to work _with_ these platforms is incredible and can't be beat by the likes of Hetzner and OVH. We are so behind that we won't catch up. The arrogance is warranted in this case.

I like privacy, but the business person in me is very frustrated by these GDPR rulings as they make the life of European startups even harder than it already is.


I mean I'm really enjoying Scaleway for all of the things I'd use AWS for: EKS, managed DBs, and cloud M1 Macs are all accounted for.

But you realize that all tightly integrated high-level services like IAM, Kinesis, Lambda, DynamoDB, CloudWatch (just to name a few from AWS), make the cloud a joy to work with? AWS had VMs and Managed DBs in 2009(!).

My personal experience with IAM is that it makes AWS awful to work with. I honestly wish it was replaced with a service far simpler in design. CloudWatch is similarly obtuse.

I think you have a point with Lambda though I don't use serverless much. How does Knative compare?


I personally have no experience with Knative. In my view, you open up a different can of worms by dragging in k8s. Either do everything natively on your cloud provider or go all-in with k8s.


Are you joking? The products page is laughable compared to the big cloud providers. Hell, it has "We create custom-fit solutions" on the landing page. If anything screams non-cloud it's that.

I wouldn't say so.

Restricting the sale or transfer of personal data to a foreign-held company that can and will obey foreign laws with regards to that data is, I think, perfectly fair.

The dances companies go through to appear local or non-local with shell companies are an abuse of the intent of many laws.

Microsoft/Google/Amazon/etc. probably can figure out how to operate in Europe to comply with the intent of the law, but it might require a rather large actual separation of interests rather than a shallow apparent one.


This is rich coming from America.

America engages in global-level surveillance. American corporations can be coerced with a single national security letter to spy on their customers. Ergo they are untrustworthy and should not be used.


Many (if not the majority) of open source projects that are used to power the whole spectacle have originated in Europe and now have a majority of international contributors.

But the power centers (foundations etc.) are in the USA. International contributors are expected to bow to U.S. cultural dominance and follow the latest whims.

OSS has been stolen by the USA.


Also noted elsewhere is that US tech companies are hand in hand with the US intelligence apparatus.

> Except now, the EU is more or less forcing American companies to sell unaffiliated spin-offs to the EU to continue doing business there.

Isn't that what happened with TikTok?

Both China and the US have laws that force global subsidiaries of Chinese/American companies to hand over data held overseas.


I would argue China-US relationships are not that of allies or friends. There isn't a war or cold war going on, but I wouldn't pretend that the relations between China and the US are peaceful and represent trustful tranquility.

I would argue the relationship between Europe and US are substantially better, although not without frustrations from both sides, some warranted and some not.

At the very least, several countries are in a formal defensive alliance with the US and each other (NATO).


NATO membership is also true for Turkey, which is not always considered friendly with the EU and US.

Turkey is a very interesting case, and is rooted in the Cold War.

But I do agree Turkey is less friendly and is on my personal no-go list for safety reasons.


Turkey's status is (or should be) always about who is at the helm. It is an interestingly "supreme leader" type of culture, and with Erdogan you can see how that plays out. Heartbreaking, in my opinion, as they had a reasonable shot at becoming a properly European country (read: culture- and rule-of-law-wise especially).

For example, you would have had an amazing time 20 years ago with a level of security comparable to other European countries. Nowadays? A personal no-go zone is a wise decision, to say the least. If I didn't have my biological family there, I would have done the same in an instant.


This is about US legislation and jurisdiction extending to foreign territory and thus conflicting with local legislation and corporations subsequently failing to comply with legislation regulating that market.

It's rich to accuse the EU of copying China when it's the US who copied China's "National Intelligence Law" as the "CLOUD Act"; laws which compel Chinese and Americans to act as spies outside their countries when it comes to data.

Looking for an informed opinion; what are the practical consequences for European companies using American cloud providers (which I guess is most of them) ?

Immediate consequences... None. While all of your competitors are still using American cloud services, you won't get fined.

But as soon as competitors start moving to European hosting solutions, you need to too - because if you're slow to move over you can bet the courts will be chasing after people with fines.


Not a problem with consumer-facing services, but usually problematic with communal and state-related projects that store personal data.

In my opinion, most European companies are not using the cloud (especially if they are not in the tech space).

Colocated hosting is very, very large in Europe, and many small/medium businesses operate out of a couple of VMs on a server in some datacenter, usually managed by some MSP.

Also, egress fees are very expensive in the cloud, especially if you look at the cost of data transfer inside colocated facilities. Data transfer in the US seems expensive even if you look at colo/private circuits compared to Europe.


Does anyone know the Company A and Company B in the question? Microsoft?

AFAIK public procurement documents are often public.


Searching for "12.1 Regions. Customer can specify the location(s) where Customer Data will be processed within the" (as mentioned in the verdict) yields AWS as the problematic sub-processor for company A: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

The US needs to economically retaliate in kind. Even if the US had the same data protections as the EU, they'd make up some other excuse to attack US companies. This is what happens when you can't compete: you make up regulatory excuses.

I’m sure I’ll get downvoted by Europeans but it’s the truth. Look at the valuable companies and where they are located :)


You should see how the EU screws American 'certain industry' companies and fails to honor reciprocity deals. Then add that it is legal and tax deductible for German businesses to bribe/kickback to corrupt businesses overseas, and man does Europe have a sweet deal without our 'open and reciprocal trade'. Unfairly denied access to European markets but open access for Europe in the USA. Overseas companies' officials expecting bribes/kickbacks like the Germans give overseas.

The American government tolerates this and other things besides (e.g. lax NATO contributions) so it's evidently not that big an issue?

The NSA and the CIA have been at that for decades. But of course people like you believe it is and has always been fully in their right.

Sure, they can champion their own citizens' rights on issues of where and how data is stored, and prevent American user data from being sent offshore in Europe. That would be ideal. :)

It’s not about that. Even if the US copied German law verbatim Germany would just find some other excuse to harm the US. They can’t compete so they unfairly try to prop up their own companies via regulatory means.

That's pure conjecture. Even though this forum is anonymous, I would still be embarrassed to write such baseless nonsense.

While there are certainly cases where European laws are crafted to help keep American companies out, this is not really one of them. It appears to me that the western European institutions have genuine concerns about American companies and three-letter agencies accessing their citizens' data, and by the way they are not paranoid to be concerned.

End result is almost certain to be more cloud providers in Europe, but I'm not sure they're wrong to want that.


Yeah wondering about the consequences.

By this logic almost every non-EU SaaS would be forbidden.

For sure Stripe is also not allowed, huge amount of customer data in US hands.


IMO that could be good, I would welcome more competition in the payment processor space.

But this won't encourage more competition in the EU, it will limit the number of competitors by creating an insurmountable barrier to entry for foreign providers. This is akin to import controls, which often cause stagnation, and generally lead to more costly and inferior goods.

> non-EU

The problem isn't non-EU services, it's the US CLOUD Act.

Other countries have legal systems which are considered as offering equivalent protection:

> The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom under the GDPR and the LED, and Uruguay as providing adequate protection.

And for many more countries standard contractual clauses would probably be enough


Uruguay? I wouldn't exactly call them known for being a tech nation...

So why does the USA fail at this? Or are they just too big and diverse for that sort of stuff? And you can't really expect such a nation to succeed... In anything...


> I wouldn't exactly call them known for being a tech nation

And?

> So why does the USA fail at this?

Because, and I'm going from memory here, should be Schrems I or Schrems II if you want to dig deeper, in the view of the ECJ (which invalidated a similar recognition for the US) the US doesn't provide a satisfactory way for EU citizens to contest their data being accessed by US government agencies


It's not a tech issue, but a govt issue.

Look up the CLOUD Act. It essentially makes it impossible for any US company to truly comply with GDPR.


Still works with consent.

This is about getting qualified in communal/state procurement and not general public business.

As far as I understand, the reasoning is that accepting a bid of one of the companies is not allowed because they don't comply with the GDPR. Although it was filed by a competing company, it theoretically would mean that according to this judge cloud hosting is not in line with GDPR. In that line, whether you are a governmental organisation or a company doesn't matter if they decide to enforce it as such.

The context for this: say you're a SaaS and you want to tap into the EU market. Per GDPR, personally identifiable data shouldn't leave the jurisdiction of the EU so you should use EU hosted servers, storage etc.

So you might then split your app to an EU hosted datacenter of your preferred cloud provider.

This ruling says that's insufficient as while the data remains functionally in the EU it's still possible for it to be accessed on the backend by non EU entities.


> it's still possible for it to be accessed on the backend by non EU entities.

Why is this the case? Why aren't EU employees who allow the data to leave the EU negligent?


What if there are no EU employees?

Do you mean "liable" instead of "negligent"?

It's not the employees so much as the legal aspects of it: aka could the FBI compel a cloud provider to give them all the data in the EU datacenter?

And slowly but surely the tidal wave of the consequences of GDPR versus the CLOUD Act come into view.

It will take many years of delays and fretting (due to the dependence on US clouds), but fundamentally the current legal position is that GDPR is fundamentally incompatible with any personal data transfer to the USA; that's how Google Analytics keeps getting banned too.

At some point this will all come to a head and something will have to budge given the gigantic consequences of such a position, from AWS to GCP to Stripe to even basic things like your Domain Registrar.


The cloud providers can work with independent operators that run their cloud solutions in Europe. Basically an on-premise setup, just on a huge scale.

Microsoft initially did this for Azure, I believe.

Certainly will cause a lot of friction.


> The cloud providers can work with independent operators that run their cloud solutions in Europe.

Does that exempt them from the CLOUD Act? If US companies have access to independent operators in Europe, presumably they can still be compelled to give that data to the US.


But couldn't the NSA still spy on European cloud providers and domain registrars?

There is no tidal wave; Telekom partnered a long time ago with Microsoft for an EU-only Azure offering and it was sacked quickly because the demand from public procurements was too low, since those largely require on-prem solutions.

> It followed that company A's service qualified as an unlawful transfer of data to a third country because their parent company was located in the US, violating relevant data protection law (Article 44 GDPR).

> The Chamber explained that a transfer in this context must also be assumed when data can be accessed from a third country, regardless of whether this actually takes place. The fact that the physical location of the server that provides such access was located in the EU was irrelevant.

I think this is an interpretation of GDPR that most companies are not prepared for. You could write an implementation that restricts access to EU data, but if the parent company is not in EU, I guess the implementation could always be changed to allow access. Ergo, GDPR violation?


Sounds like blatant protectionism to me.

If I'm reading the ruling correctly, the relevant legal standard applied here is completely bogus. They find that it is a violation of GDPR because the parent company could access the data, in principle if they wanted to. It doesn't matter if there are safeguards, technical, or institutional preventions in place.

However, the exact same argument applies to any EU company with any internet connection, and directly applies to any EU company with infrastructure in the US. EU companies could, in principle, transfer data to the US intentionally or by accident. If technical, institutional, and legal prevention isn't good enough for US companies, why is it good enough for EU companies? Seems like GDPR has to also be construed to prevent EU companies from doing business in the US.

If the counter argument is that US companies could be compelled by the US government to hand over data, while EU companies cannot be, that is factually untrue.


US cloud companies can be forced by the US government to spy on European citizens. That's the reasoning behind this ruling. Are you not aware of the NSA spying programs?

I'm sure industrial policy and thus economics had no factor in those laws being written.


Right, that's why I included my last paragraph. EU companies can also be forced by the US government to spy on European citizens. It happens all the time.

> EU companies can also be forced by the US government to spy on European citizens.

How? If a company is not American how can it be forced by the US?


I assume the WTO will get involved to clarify and the safegards required to operate in Europe will get rather well defined. Lots of powerful interests involved which should get this sorted out eventually. Much uncertainty until then.

It's not protectionism. The agreement with the US parent company allowed them to access the data!

> A included clauses in the offer that stated, among other things, that it will not access, use, or disclose customer data to any third party, except as necessary to maintain or provide the Services, or as necessary to comply with the law or a valid and binding order of a governmental body.

So it is a transfer of data from EU control to US control. Very clearly.


Lots of EU companies have the same language in their policies. For example

https://us.ovhcloud.com/legal/privacy-policy


> It doesn't matter if there are safeguards, technical, or institutional preventions in place.

Except the American company made it clear that no such safeguards will be in place and that it will transfer the data out of its EU servers if legally compelled to do so. This can be found in the German text at https://rewis.io/urteile/urteil/ocw-13-07-2022-1-vk-2322/ .

> Regions. Customer can specify the location(s) where Customer Data will be processed within the X. Network (each a "Region'), including Regions in the EEX. Once Customer has made its choice, X. will not transfer Customer Data from Customer's selected Region(s) except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or binding order of a governmental body.

Any governmental body can request access to EU users data and the data will be moved out of the EU region. At best it provides that it will challenge any inappropriate or overly broad request, but there is no legal framework for what qualifies as such between the EU and US and the US is unlikely to care about challenges that have no legal basis.


> that it will transfer the data out of its EU servers if legally compelled to do so.

They have a legal search warrant. This is an EU country; they likely have a law enforcement and judicial cooperation treaty with the US.


There was a treaty on how to deal with data protection between the EU and US, it was killed by a court decision best known as "Schrems II". Trying to get the EU data protection laws and the US government's need to collect all the data to play nicely is a non-trivial and maybe even outright impossible undertaking, so no replacement currently exists.

When you read the original document it seems to be more about the terms of the original contract and effective access to the machines than the location of the parent company, so a clear split should make it possible.

> However, the exact same argument applies to any EU company with any internet connection, and directly applies to any EU company with infrastructure in the US. EU companies could, in principle, transfer data to the US intentionally or by accident.

Yes, this might be a reasonable argument. You'd be in a bad place as an EU company trying to operate in the US right now. Perhaps the US should quit passing spy laws and we can go back to cooperating.


Thank god at least some government has the sense to take steps to protect their country's sovereignty. All the US has to do to regain trust is to stop using BigTech for spying on other countries. To begin with, it can start by creating laws and regulations like the GDPR (or better) and move on to breaking up the monopolies of BigTech.

Simply the CLOUD Act [1] which is incompatible with GDPR. No problem transferring to a third country [2] as long as you can uphold GDPR.

[1]: https://en.wikipedia.org/wiki/CLOUD_Act

[2]: https://www.imy.se/en/organisations/data-protection/this-app...


The US parent company was given access to the EU data. That's the problem here.

> A included clauses in the offer that stated, among other things, that it will not access, use, or disclose customer data to any third party, except as necessary to maintain or provide the Services, or as necessary to comply with the law or a valid and binding order of a governmental body.

Of course giving a US company control over EU data at a whim means that it's a transfer to the US. The court made the only reasonable decision.


I think this kind of affirms the general opinion that Germany and many traditionally powerful European countries are doing poorly when it comes to modern tech. What went wrong with Germany and Europe? They used to be the front runners in tech once upon a time.

"European countries doing poorly when it comes to modern tech" has never been an opinion.

You're confused, and your petty vindictiveness is unmotivated. The EU as a space of commerce is not yours to do with as you wish. You have to follow rules and regulations just like our own companies have to. And if your country had not been engaging in espionage and sabotage then there would never have been a need for these "unfair" and "underhanded tactics".



If the goal was to stop US companies, the EU parliament wouldn't have thought that the US lived up to the requirements of the GDPR. They assumed they did until courts struck it down.

> You really think laws like this is going to stop US government/NSA from accessing data of whoever they are interested?

1) So if you're helpless you're supposed to not defend yourself at all?

2) Why did they pass the CLOUD Act if they already have access?


Please don't take HN threads further into flamewar. It's not what this site is for, and it destroys what it is for.

https://news.ycombinator.com/newsguidelines.html

Edit: actually, I'm seeing so many abusive comments in your account history that I've banned the account.

See also https://news.ycombinator.com/item?id=32393867.


Where do we report a mod that is abusing his authority? Dang is banning people left and right without justification.

> You have to follow rules and regulations just like our own companies have to

Which companies? Seriously though. Is there a reason the biggest EU software companies are the likes of SAP and Capgemini, or niche players like Spotify?

I mean, I'm not talking about the USA or China, even Russia has a more impressive tech sector.

Could it have something to do with various regulations?


The surveillance capitalism model is a non-starter in the EU.

Maybe it's just that the European lawmakers understand the risk of being able to transfer sensitive personal data into other jurisdictions, and that a locally registered company doesn't mean there are technical bounds.


I am not sure which exact incident you are after, but the NSA, the largest operator of surveillance in Europe, is American and GCHQ, the second largest, is British and also outside the EU these days. But yes, there are some actions by European governments I condemn.

However, as a European citizen I have ways to counter actions by a European government. By voting, by legal means etc. Into the US I have no reach and the US has very little responsibility towards me. Laws protecting Americans or actions in America don't protect me as a foreigner.

That said: the court case here at hand was about the government being the (indirect) customer of that cloud. Thus it's their data that they want to be protected from foreign governments.


If you store data in your own country with non-American companies you're protected by your country's judicial system. If you use an American company or American-based company you're subject to illegal spying from the NSA or extra-judicial warrants from the CLOUD Act (which compels Americans to apply American law outside the US).

> or extra-judicial warrants from the CLOUD Act

What is an "extra-judicial warrant"?


> From what we know, so far, it was the EU countries which elected politicians that went after their own people. Not the US.

Please stick to Reddit with cheap rhetoric like that.


How is citing one of the biggest human crises of the last century against the same country which did it against their own citizens a cheap shot? It's totally relevant.

We've banned this account for posting flamewar comments, not just in this thread but in others. Please don't create accounts to do that with.

https://news.ycombinator.com/newsguidelines.html


LOL, they never were. Germans are conservative. Try to pay by card in a shop/restaurant outside a bigger German city. Either not possible, cash only, or you can use some local EC card, which only Germans are using. The rest of the EU is using Visa / Mastercard.

But when it is about TikTok I see most Americans have completely different values, no sorry, Americans are consistent, only US citizens deserve rights, the rest can be spied on, tortured, killed etc. Give EU citizens the same privacy rights and there is no need to start an economic war because some fat and lazy NSA agent does not want to prepare a file to request a warrant. While you are at it, maybe it is time to let US citizens who killed people (like in car crashes abroad) get their fair trial and punishment too.

We have rights too, you are not more special and do not deserve more basic human rights because of citizenship.


You do know that nobody in the US is forcing you to use this site or any other US companies for that matter. You are doing it of your own free will.

Also, remember the time when Germany decided to go after their own people? How do laws like this help when it comes to situations like that?



All I am saying is Individuals are perfectly capable of making that decision. Whether they should store their data in Germany, California or some random Caribbean island.

And did the Germans put some guy in prison for his personal data, or was it about companies sending other people's private data to the US?

And yet you claim Germany and Europe have "gone wrong" when they make exactly such a determination.

Seems like double standards. What's the difference?


Please don't take HN threads further into flamewar, let alone nationalistic flamewar. It's exactly what we don't want here.

https://news.ycombinator.com/newsguidelines.html

Edit: actually, given the pattern of this account not just in this thread but in other threads as well, we've banned it. Please see https://news.ycombinator.com/item?id=32393807.


I'm not sure what you're saying. Do you mean that each individual is supposed to know where every site is based instead of having country-wide/EU-wide protections in place?

Yeah. Individuals are perfectly capable of making that decision. I don't want my government telling me where I should keep my data.

You are either ridiculous or malicious.

Individuals are not perfectly capable of this decision, especially since they are multiple steps removed from said decision (e.g. the SaaS I use is using another service hosted on Amazon); and in a lot of the cases (e.g. using software for their job) not even in a place where they can make the decision.

Government does not tell you where you should keep your data. They tell you where you can't.

This is because it is not a compliant place to store data. Same reason we don't want you to store data in China, for example.


So you say nobody should, say, visit the US because human rights apply only to citizens? Do I also not have the right to point out that this is bad? When did non-US people lose the right to complain?

Is there a reason why making it illegal for the NSA and CIA to spy on EU citizens with warrants is affecting you personally? Do you work for the CIA and you don't want to fill in paperwork?

This is such an obvious solution, remove the stupid law and partner with EU in protecting privacy, then you can work together against China.


Please don't take HN threads into flamewar, let alone nationalistic flamewar. It's exactly what we don't want here.

https://news.ycombinator.com/newsguidelines.html

Edit: you've been breaking the site guidelines in other threads too. We ban accounts that do that, so please stop.


>Please don't take HN threads into flamewar, let alone nationalistic flamewar.

Sorry, but how can I respond when all the dudes above are accusing Germany and the EU of doing this because of protectionism?

Probably I should ignore them? Or submit a TikTok article immediately and watch the hypocrisy?


Believe me, I understand how strong the provocation can be, and how hard to resist, but yes, you should probably ignore them. Fighting just feeds it.

Personally I just try to keep reminding myself that humans en masse, and therefore the internet, are basically wrong about everything.


Hey America - stop spying on our citizens or we will stop buying your tech.

Seriously.

We talk about this cloud stuff like it is rocket science. It is not. It is a box in a basement. We are capable of doing that ourselves.

And no. It ain’t cool for NSA to sniff around some German governmental software, even though you are the good guys and on our side.


> We are capable of doing that ourselves.

Then do it.


You typed that silly reply on an operating system created by a European. You don't think we can host the shit out of that OS in Europe? I think you're just butt hurt because someone said something bad about the greatest country in the whole world that you know of.

If you're talking about Linux, an operating system based on Unix from Bell Labs, then it's just an operating system created by a European which is based on an operating system created by Americans. Without one the other wouldn't exist.

Without beating around the bush, can you state your point please?

My point is at the end of the post. Also, why do you keep deleting your comments? I had such a good response to your periodic table nonsense lol.

Here is my periodic system nonsense again: a European discovered silicon. America's not all that. Also, you seem to have a chicken and egg problem with your reasoning.

That wasn't your comment; you said the Nordic countries discovered more periodic elements than the US. My response was going to be: since you're grouping the Nordic countries, the UK and US would also have to be grouped because of the historic relation between the UK and US, specifically that the US to some degree was a colony of the UK. With that being said, the two combined have discovered 45 elements, almost split evenly between the two, in comparison to the Nordics' 25. Also it's not a chicken and egg problem: Unix came to fruition without Linux, but Linux would never have existed without Unix, especially if Linus Torvalds had never come in contact with Unix at university. Linus Torvalds' thesis goes into detail about the relation between the two.

Please don't take HN threads further into flamewar, let alone dumb nationalistic flamewars. We may not be able to have a reliably good discussion forum in this community but we can at least do better than that.

https://news.ycombinator.com/newsguidelines.html


I typed my reply on an OS created by Americans, but that's entirely irrelevant.

It's not about just installing Linux on a box, plugging in an Ethernet cable and calling it a day. We're talking about cloud providers here. You need to create something on the scale of AWS and Azure if you want to be taken seriously. Hetzner and OVH aren't going to cut it.


>> It's not about just installing Linux on a box, plugging in an Ethernet cable and calling it a day.

It's not? Because that's what most Europeans think.

>> We're talking about cloud providers here.

Ooooooooooooooooooh weeeeeeeeeeeh, now that's fancy.

Maybe if we could get an American over here to help us out, it could work? Are you available? Because we need answers to questions that you can't just google. We need someone who's been there, done that and who has money beyond what any European could ever even imagine. We need a Texan.

Are you a Texan? Or an absolute asshole? Both of those combined seems to fit the profile of a person that could make a change over here.

'Merica, F yeah!


Breaking the site guidelines like this will get you banned here, regardless of which country you have a problem with. No more of this, please.

See also https://news.ycombinator.com/item?id=32393773.


Whoa - you've posted tons of flamewar comments in this thread - that's seriously not cool, regardless of how right you are or feel you are, or how wrong other people are or you feel they are.

It looks like you've been breaking the site guidelines in other contexts too. Can you please review them and stick to the intended spirit here? https://news.ycombinator.com/newsguidelines.html


Please don't take HN threads further into flamewar. Especially not tedious and dumb nationalistic flamewar.

https://news.ycombinator.com/newsguidelines.html


Isn't it easier for the NSA to spy on foreign companies than US companies? There are restrictions on how they can operate on US soil.

Yes. I've never understood this whole "don't host in the US or the NSA will spy on you"...uh, that might be true, but at least on paper there are protections.

An EU subsidiary of a US company is fully legal fair game for every 3 letter agency.


As is a fully independent EU alternative.

I support reining in the NSA, GDPR seems like a weird way to do it. I don't follow the logic.


The US CLOUD Act requires companies to open their platform for the intelligence agencies. We are not talking about hacking, they are required by law to provide access.

…via the judicial system (warrant or subpoena) and still protected by US law.

An EU company can just be hacked legally.


Says the person using Hacker News, whose legal notice has no mention of adhering to GDPR. Stop threatening and do it simply and effectively.

https://www.ycombinator.com/legal/


But you do not need to mention the GDPR to comply with the GDPR.

They also use Google Analytics, which I remember reading a couple of weeks ago has ongoing issues with the EU.

I am all for a free and open internet. If you want to connect to a computer in Russia or United States, that is ok, think about what happens to your data, if you care about that, or don't.

But here we are talking about whether the German government should use hosting centers, for their governmental software, that they know are accessible to US intelligence services.

The answer to that is: Of course not.


You are correct: a foreign government should not rely on another foreign government for government-related technologies, but the reason this even went to court is that one company couldn't compete with another for contracts, so they played the legal card, if I understood the summary correctly. This shows there's a lack of technological capability/capacity within the EU, as if it's actual rocket science to host computed services. Also, do you think about your data? Because this is a US service and, if I remember correctly, it's hosted on M5, both US services. So you using it shows you aren't thinking about your data, because this site is a data trove: upvotes, comments, posts, etc. The US government could easily subpoena all your data and cookies related to this site and build a profile.

Please don't start nationalistic flamewars on HN. This one was particularly hellish and particularly dumb.

It's not what this site is for, and it destroys what it is for.

https://news.ycombinator.com/newsguidelines.html


Criticism of US spying is not "starting a flame war".

Please refrain from interfering with healthy discussion.


Words cannot express how little we care what you or anyone else has to say about "US spying" as long as you/they do it within the site guidelines and the intended spirit of the site. From a moderation point of view, the issue is not "US spying", it's "violation of the site rules" - which was happening all over this thread. This was the extreme opposite of "healthy discussion".

Btw, your account has been adding to this flamewar in just the way that we don't want here. I'm not going to ban you right now, but only because it doesn't feel sporting to ban an account that I only noticed when you replied to me. If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and sticking to the rules, though, we'd appreciate it.


Thanks for proving my point. "Don't criticise US spying, and I'll threaten you with ban if you do."

Not a single rule was violated in the post above. Looks like hackernews needs more responsible moderators.


Why is this thread flagged? It looks like one mod is abusing her power.

Keep rocking.

I have no beef with US companies doing business here as such, but as long as they're supporting espionage and sabotage by handing crucial data to the NSA and CIA they should simply not be allowed to operate here.




People like being edgy in the end, I guess.

They literally claim that "EU is an American protectorate". At this point, it is literally pointless to even have a dialogue, as they are too far gone.



We've banned this account for repeatedly breaking the site guidelines, not just in this thread but elsewhere.

Please don't create accounts to do that with.

https://news.ycombinator.com/newsguidelines.html


> they are too poor to afford ubiquitous air conditioning

And I could say that americans are too poor to have heated bathroom floors, but that'd be ignorant.

Europe is much further north and has significantly colder climate than the US: https://imgur.com/oIjh5eQ The main concern is insulation and heating, not cooling, hence much more expensive buildings overall compared to cheap wooden homes in the US.


We've banned this account for repeatedly breaking the site guidelines, not just in this thread but elsewhere.

Please don't create accounts to do that with.

https://news.ycombinator.com/newsguidelines.html


This is EU law. That is why you are seeing similar court rulings / administrative rules coming out of Denmark, France, Italy ...

For public services, as in government public. From the page:

The case concerns a decision by the Vergabekammer Baden-Württemberg ("Procurement chamber Baden-Wuerttemberg"), the administrative authority that reviews the public procurement procedures.

On 3.11.2021, a public authority issued a Europe-wide invitation to tender for the procurement of software for digital management via an open procedure. The award criteria contained, among other things, requirements for data protection and IT security. The public authority received offers from company A and company B.


Simple question. Who do you trust your data with?

1. A company in your own country which got marketshare mostly because of legal reasons and government interference.

2. A company which got marketshare by building products that people loved all over the world, has the smartest people working for them and has generated more value than the vast majority of the companies that existed previously in the world combined.


1. A foreign government with a tendency to imprison and torture foreign citizens without any process.

2. Your own government that is held accountable to local laws.


I'd agree with the implication here, if it weren't for the fact that the company on #2 would be _legally compelled to spy on me or my countrymen at the whim of 3 letter agencies_.

That rubs some people, such as I, the wrong way. I wonder why :)


It is not clear to me from that what the relationships are between company A, the EU subsidiary (which I'll call S), and the US cloud provider (which I'll call C).

1. Would A be dealing directly with S, or is A dealing with C which is using S to store A's data.

2. Is S incorporated in the EU?

3. Does C have access to data stored in S, other than data that C itself put there using the APIs that S makes available to all its storage customers?


Telekom and Microsoft partnered together a long time ago to fix this problem but it turns out in European public communal and state procurement projects that cloud offerings play a very insignificant role since it's largely all on-prem IT projects and so that partnership was closed.

I'm just writing this because a lot of comments are getting the wrong idea from this and causing some weird mix of hysteria and europhobia. In the grand scheme of things, there is no money lost for Azure and AWS, the potential of the once in a full moon cloud projects from public European institutions wouldn't even amount to something that would be described as pocket change.


All: the hellish and puerile flamewar that many of you stooped to in this thread is exactly what HN is not for. We ban accounts that post like this, so please don't post like this.

What an embarrassment.

https://news.ycombinator.com/newsguidelines.html

I suppose I'd better add that this isn't about which side you're on. It's just about having an international forum that doesn't suck and doesn't destroy itself. All of you flaming each other in this thread have made HN suck (in this neighborhood) and contributed to destroying it.

No more of this, please. You can make your substantive points without any of that. If you can't, please don't post until you can.


There was no flame war in this thread. But there is clear evidence of abuse and harassment by a mod. I'm flagging dang's post in the hope that a real moderator will look at it.

What an embarrassment indeed. Hackernews deserves better moderation.


Certainly, people can and do have different ideas of what counts as a flamewar. In that sense it's just a difference of opinion and that's fine. However, we're trying for HN to be a particular kind of web forum. The principles of what we're trying for are expressed at https://news.ycombinator.com/newsguidelines.html. Many comments in this thread broke those principles quite badly.
