I live in Canada and have stopped storing any data in the US. Give me EU data hosting ALL DAY.
illegal in the EU*
When I first read the title I thought it was some clickbait claiming that US cloud providers themselves would all be found to be illegal and cease to exist at all, which is of course, preposterous. Some clarification in the title would have helped.
Will Trump be the EU’s wakeup call?
I’m skeptical of this making a difference due to this act that was passed in the Netherlands, which allows for sending data to foreign parties without any oversight: https://en.m.wikipedia.org/wiki/2018_Dutch_Intelligence_and_Security_Services_Act_referendum
US-Cloud was always illegal for EU-citizens since GDPR. Privacy shield was just the next try to label it as legal without changing the cause (US having no privacy protection) until it gets disabled again by EU court in 5 to 10 years.
It’s never been illegal at all, you’re oversimplifying the issue. Plenty of use cases that can use US clouds. Not all data is PII and plenty of use cases perform fine by anonymising their data. Also EU countries aren’t that better than US when it comes to state issued privacy violations; we just don’t do dragnet bullshit (yet) but plenty of requests are served as requested…
An alarming amount of data that should be classed as PII isnt. information in aggregate changes classification, PII should be treated the same.
Depends on the dimension used. « Shoulds » are meaningless. Let’s not assume everyone is doing shit work, awareness is getting there and people are getting more capable to correctly classify data. Anyway assuming correct classification there are techniques that changes classification enough to allow exportation of data to shit countries.
and plenty of use cases perform fine by anonymising their data
Short of aggregating it to get rid of the individual records completely, “anonymizing data” isn’t actually a thing.
That’s not the only way to do it. In quite a lot of situations you can, instead, generate artificial data that is statistically similar to the original data set and use that instead. That works well for things like system testing, performance tuning and integration testing. Done right, you can even still pull out useful corelations without risking deanonymising the data.