EU-US Data Privacy Laws
The cluster focuses on conflicts between US laws like the CLOUD Act, which allow access to data by US authorities regardless of location, and EU regulations like GDPR requiring data residency and protection from US jurisdiction, leading to recommendations for EU-based cloud providers.
Sample Comments
As I have understood it from a lawyer: US laws require a company to hand over the data wherever the data is located. EU, Japan, whatever. You are a US company, so hand it over. EU law states: EU data shall not leave the EU. Those two bite each other, and the result is that a company can _never_ bow to both laws. So, if EU data must be kept in the EU, choose a (hosting) company with no ties to the US. Vice versa is no problem, the EU law _does_ respect data locality. It is the reason why
CLOUD ACT is the problem. Even for data stored outside the US, authorities can demand access to data. This is why for example in the EU you are a customer of AWS SARL in Luxembourg instead of AWS Inc.
Couldn't they have kept the data stored in the EU? What US law prevents that?
There are specifically EU based companies offering cloud services only at EU based server parks. These companies make sure the US cannot have access to their data because a) the company isn't a US one b) the company does not have a part of its business located on US grounds and c) all servers are located in data centres on EU grounds. Such services are offered with explicit notion of data protection against US laws, giving "us" EU people a safe harbour of data protection where we are (at this
They don't, hence why EU has data residency requirements, and American companies set up firewalled entities to comply (e.g. Azure Germany).
Looking for an informed opinion; what are the practical consequences for European companies using American cloud providers (which I guess is most of them)?
I hope they will have a US cloud region since the European laws are pretty strict and hard to keep up with
Hi @oliv__17, I am a DPO (PhD in law) and a developer, the best advice I could give you is to host your data in EU, of course, but also only by using the services of a company that is European itself, and not controlled or owned by a US company or person. This means that you can no longer rely on AWS or G Cloud. This is due to the fact that there is the Cloud Act, that is not compatible with GDPR requirements about data transfers outside EU (for more details you can also check decisions of the C
Sounds like they are trying to get the same deal most of the EU countries have, Germany, France, ... Where user data has to be stored in the home country.
Due to the Cloud Act, hosting "In the EU through a US company" and "In the EU through an EU company" are two very different things.