1. 1
    1. 4

      As I understand it the ruling is “Storing customer data in the US is not compatible with GDPR compliance”, so it would be enforced using the existing GDPR enforcement regime.

      1. 6

        Sure, but where can you store a chat conversation between European and USA citizens ?

        1. 4

          In Europe

          1. 3

            On their own devices. Use end-to-end encryption while you still can (but that’s a good question in general)

          2. 2

            The CLOUD Act seems to be removing the distinction between data stored in the USA versus data stored abroad when it comes to US companies. As far as I understand it, the act in a way extends American jurisdiction to every country where the server of an American company is located, so perhaps a more important thing EU states can do in this regard is not entering CLOUD Act agreements with the US at all? I’m only partially trolling.

          3. 0

            Why, by giving EU States complete access to their data feeds, of course.

            I wonder if I’m being paranoid by seeing this as a subtle play for warrantless surveillance?

            1. 11

              I think it’s far more likely that it will be enforced with the possibility of outlandish fines or loss of market access if found to be in violation of the law. That would (roughly) align with how other data privacy regulations are established in the EU.

              A gross expansion of warrantless surveillance seems quite unlikely in the EU, as there is a cultural belief that data about one’s self belongs to one’s self which is in contrast to the American culture where data about one’s self is typically viewed as belonging to whoever collected the data.

              1. 20

                In case anyone’s wondering what the deal is here: lots of European countries, especially in Eastern and Central Europe, but also some Western European countries (e.g. Germany) have a bit of a… history with indiscriminate data collection and surveillance. Even those of us who are young enough not to have been under some form of special surveillance are nonetheless familiar with the concept, and had our parents or grandparents subjected to it. (And note that the bar for “young enough” is pretty low; I have a friend who was regularly tailed when he was 12). And whereas you had to do something more or less suspicious to be placed under special surveillance (which included things like having bugs planted in your house and phones being tapped), “general” surveillance was pretty much for everyone. You could generally expect that conversations in your workplace, for example, would be listened to and reported. With the added bonus of the fact that recording and surveillance equipment wasn’t as ubiquitous and cheap as it was today, so it was usually reported by informers.

                Granted, totalitarian authorities beyond the Iron Curtain largely employed state agencies, not private companies for their surveillance operations – at least on their own territory – but that doesn’t mean the very few private enterprises, limited in scope as they were, couldn’t be coopted into any operation. And, of course, the Fascist regimes that flourished in Western Europe for a brief period of time totally partnered with private enterprises if they could. IBM is the notorious example but there were plenty of others.

                Consequently, lots of people here are extremely suspicious about these things. Those who haven’t already experienced the consequences of indiscriminate surveillance have the cautionary tales of those who did, at least for another 20-30 years. If someone doesn’t express any real concern, it’s often either because a) they don’t realize the scope of data collection, or b) they’ve long come to terms with the idea of surveillance and are content with the fact that any amount of data collection won’t reveal anything suspicious. My parents fall in the latter category – my dad was in the air force so it’s pretty safe to assume that we were under some form of surveillance pretty much all the time. Probably even after the Iron Curtain fell, too, who knows. But most of us, who were very quickly hushed if they said the wrong thing at a family dinner or whatever because “you can’t say things like that when others are listening”, aren’t fans of this stuff at all.

                Edit: Basically, it’s not just a question of who this data belongs to – it’s a pretty deeply-ingrained belief that collecting large swaths of data is a bad idea. The commercial purpose sort of limits the public response but the only reason why that worked well so far is that, politically, this is a hot potato, so there’s still an overall impression that the primary driving force behind data collection is private enterprise. As soon as there’s some indication that the state might get near that sort of data, tempers start running hot.

                1. 5

                  For more details on this, Wikipedia’s entry on Stasi, the security service of East Germany, is a great read. Stasi maintained detailed files (on paper!) on millions of East Germans. Files were kept on shelves, and shelves were >100 kilometers(!) long when East Germany fell.

                  It is easy to imagine why Facebook’s data collection reminds people of Stasi files.

                  1. 1

                    There were some amazing stories floating around in 1989 – like, the Stasi were sneaking across the border into the West to buy shredders, because they couldn’t shred the documents fast enough; and the army of older ladies who have been painstakingly reassembling the bags and bags and bags of shredded documents.

                  2. 3

                    To be fair with powers shifting, companies consolidating, individuals having the same money and thereby power of whole governments, and individual companies or partnering ones not only being owrking individual sectors anymore and governments outsourcing more and more of their stuff (infrastructure (IT & non IT), security, etc. and corporations creating pretty much whole towns for their employees and oftentimes families they overall become more similar to governments, but usually with fewer guarantees by things like constitutions.

                    1. 2

                      Absolutely. There’s been talk of a “minimal state” for decades now, but no talk of a “minimal company”. Between their lack of accountability, the complete lack of transparency, and the steady increase of available funds, I think the leniency we’re granting private enterprises is short-sighted. But that’s a whole other story :).

                2. 5

                  The US actually claims the right to warrantless surveillance of non-US citizens, through FISA. Additionally, through the CLOUD act, they claim the right to request personal information from US companies, even if this information is not stored on US soil.

                  Looking at the political side of things, many EU lawmakers are perfectly fine with engaging in a little protectionism for European IT companies, and if EU privacy law makes life difficult for FAANG, that’s perfect. On the other hand, the US is trying to use the world dominance of its IT companies as a way to extend the reach of its justice and surveillance system.

                  Then there are FAANG-paid lobbyists, who keep pushing for treaties that claim the US extends protections to EU citizens’ data, even though it clearly doesn’t. They don’t last long once they get taken to court. This is why some US tech companies, like Salesforce, are now lobbying for a data protection regime in the US - this would be one way to reconcile this difference.

                  This is a trade war, and the victims are smaller US companies that shy away from doing business in the EU.

              1. 5

                I work on a retail SaaS product, so I’m watching my scale planning and testing bear fruit. Currently pushing over a million requests per minute to over a million concurrent users. I haven’t thought about the rest of my week yet.

                1. 2

                  This seems like a nice company to work for.

                  As a comp sci student, I am curious to know what kind of salaries one could one expect in this trade. Anyone?

                  1. 1

                    Jane Street is an excellent company, and their compensation packages are quite fair. If you’re interested in the intersection of tech and finance you’d do quite well to work at a company like Jane Street.

                  1. 1

                    2) Doing some work is fine, but don’t allow yourself to become a blocker, and make sure to leave the most rewarding work for your team.

                    4) I’m a big fan of First, Break all the rules It’s evidence-based, and it provides great foundational perspective. My boss gave me a copy of it, and I remain grateful.

                    6) Nearly every stage of hiring is harder (and more time-consuming) than I would’ve guessed before I was a manager. Treat it seriously or you’ll end up with an undersized team and/or bad hires.

                    10) I prefer organized hack days to 20% time. If something interesting comes out of the hack day, it can easily be promoted to a real project.