I highly doubt that this will get anything moving: In 2020 the European Court of Justice already invalidated the Privacy Shield agreement with the US for precisely this reason.

The majority of EU-companies however just continued to use US services despite the fact that user data could be accessed by the US government at any time, contrary to EU data protection regulations, and even without a court order (patriot act and such). No effective penalties - or more like no penalties whatsoever - were imposed on those companies that simply ignored the ruling.

The end result was that the EU entered into a new agreement with the US, the EU-US Data Privacy Framework (DPF) – just a new name: nothing has changed. European users' data on US servers is still not protected in accordance with European law.

This statement only confirms what has long been known - nothing has changed.

So I can't see why the EU would change course now, unfortunately. They could have years ago for the same reason but didn't because, well, money...

The national Police is planning to renew all the computers not supported by windows 11 while our Gendarmerie (same thing but different) is using Ubuntu since approximately 17 years. The head of Polytechnique signed a deal with microsoft to put restricted zones on o365. We are not there yet and it is a fucking shame. All the usual state contractors are hand in hand with microsoft so I don't see any move in the close future. It could be easy to fine the USA companies into oblivion because they can't respect GDPR but the EU is too submissive for that.

They can be fined if they actually use the data wrongly. However, them admitting is already important. It should be very obvious to anyone that there is not such thing as 'European enclaves' in these hyperscalers. Even if they host the data in Europe, unless it is an european company that does not have to comply with the US state, then the data is available to the US government.

Has nothing to do with Windows. It's about the different services Microsoft offers. Like Azure or OneDrive. You could run Linux (Microsoft has their own distro btw) on their cloud and they would give the US everything they asked for.

Linux is my favourite operating system company

Do you know if there is a community of devops/admins/devs who are doing the same? I am interested in doing the same thing.

Unless you need Windows for work, in which case you're fucked.

I literally only need one thing, which is a bank authentication token that prompts me to plug in a USB dongle, which then reads a certificate off of the device and pushes it to a browser plugin.

But that dongle software in itself? Windows only. And since I have to approve all outbound transactions (maker/checker principle), there's no way around.

Those laws exists, but from the article, US laws supersedes those regulations, and apparently they rather comply there than in the EU. Guess they did the math and figured the consequences in the EU are easier to stomach.

I really dont think that it matters if the data is in Europe. If the company is American then it will not matter. The data must be in Europe AND the company must be also European, this way it can not be forced by the US to do anything.

Fuck Microsoft but aren’t there data residency laws that say French data must be stored in Europe?

The problem with U.S. companies operating in Europe is the CLOUD Act. It doesn't matter where the physical servers are located, if the U.S. Government wants access to the data, U.S. Based companies are required by law to allow it.

I work for a french public owned company in transport. The whole company uses Microsoft 365, "sysadmin is an idiot and I don't trust his password system" [ editing done] etc... Oh yeah, no one thought about cleaning up the system so copilot's here all right, just sipping in the corner.

We are truly f***d .Doesn't matter whom attacks, the US, China, Russia, indépendants. They can paralyse this transportation network in a snap. And I know it's far from a lone example.

The french public services are hopeless as far as computing and basic security is concerned. There are a few times when they struck genius and got productive, secure services out, but day to day companies that are the infrastructure of the country itself are hopeless.

Yes BUT, the US government can fine them whatever they want / threaten contracts / revoke their ability to do business in the US.

Ultimately their ability to function in the US is largely dependent on them doing whatever the fuck the government wants. If forced to choose between the US and EU, they're almost always going to choose US.

Why /s? This is the only logical conclusion. In general governments shouldn't be using infrastructure they don't control.