The EU-US data transfer deal is yet another instance of the EU bending over for the US. The US oversteps, the EU retaliates, they negotiate, rinse and repeat. It's frustrating to see the EU continually put trade over privacy and trusting the US not to enforce the Cloud Act.
It's not just about the big names like Google or Meta. What about EU startups? They're left in limbo, unsure of what this means for them or the cost involved with complying with an additional set of rules. The final decision is with the court on a case by case basis, just as before!
Honestly, I doubt this will make any company at ease about EU to US data transfers - there's too much risk & cost for EU companies.
The US is a sovereign nation. US law explicitly allows them to snoop on foreign entities/persons/data.
GDPR doesn't have jurisdiction outside the EU.
I wish it were otherwise, but it is not. The EU isn't a world government, it's a regional government/alliance, somewhat analogous to the US. The US often manipulates other nations to agreeing to pass laws that align to their policy goals globally, but ultimately it's a decision of sovereign nations to pass laws. I don't think the EU wants to call into question the entire concept of sovereignty in a policy conflict with the US, since the US is the a hegemony and one of only two global superpowers (and arguably the only one).
The GDPR applies to EU citizens regardless of where they are, and if the EU courts can apply fines (for example the company has a presence in the EU) then the court will probably fine the company.
It's not just about the big names like Google or Meta. What about EU startups? They're left in limbo, unsure of what this means for them or the cost involved with complying with an additional set of rules. The final decision is with the court on a case by case basis, just as before!
Honestly, I doubt this will make any company at ease about EU to US data transfers - there's too much risk & cost for EU companies.