I wasn’t aware that there was a ruling of the European High Court in July 16 2020 that nullified the SHIELD agreement. And since US law requires US companies since 2018 to share even data not stored inside the US with the US authorities, there simply is no way for US companies to comply with the European General Data Protection Regulation (GDPR).
Therefore, the only legal way for using any US company to process data of European citizens is by explicit consent of each individual. And it doesn’t seem to be possible to legally get such explicit consent in many cases. (Especially if the concerned people do not have any sensible alternative to say yes to such processing like as students or employees.)
I would argue this makes using software and services from Microsoft, Apple, Google, Amazon etc. basically illegal if you are processing data from EU citizens. Platforms such as Facebook and Twitter might not be concerned by this in general because most private people personally created an account there which arguably counts as an explicit consent to such processing. But it might still be problematic to accept their tracking code on web pages because it would concern all visitors – not only those who did explicitly agree that these companies do process their data (and pass it on to the US authorities).
If I get this right I think most European government bodies, companies and associations are operating outside the law at the moment. Since very few have completely moved away from using such services from US companies.
And this is of course a very problematic situation because it could lead to very costly and in many cases devastating penalties. (If we ignore the founding serious problem of data leakage to untrustworthy bodies in the first place.)
Did you know this and what are your thoughts on it?
Isn’t this an invitation to build on this legal problem and to strongly recommend the move to free distributed alternatives. Even refusing non-free operating systems? Who can ignore the threat of 20 million Euros for a serious breach of the GDPR? Do really all hide in the crowd? … If we are not the only ones breaking the law the consequences won’t be too bad?