Comment by zelphirkalt
3 years ago
But what does "direct" mean here? Indirect could still be ordering them to give US authorities data and to keep silent about being ordered. Maybe (hopefully) that would be against EU regulations?
3 years ago
But what does "direct" mean here? Indirect could still be ordering them to give US authorities data and to keep silent about being ordered. Maybe (hopefully) that would be against EU regulations?
Lots of EU countries have their intelligence agencies doing close cooperation with five eyes (NSA and equivalent agencies of the smaller countries) and willing to turn a blind eye or actively collude in compromising security of IT infra in the EU. Or going further, a oft reported pattern is that when they want to spy on their own citizens but are forbidden by law, they ask the foreign allies to do the dirty work of spying on their soil and pass back the intelligence.
OK, be that as it may, in IT stuff, the question often becomes "Who is responsible?". If a state or its institutions violate the law, at least no one can blame you for GDPR violations, which you did not commit.
Exactly this, and I think this is granted with Hetzner.
The GDPR largely came about as a response to the Snowden revelations of pervasive surveillance of netizens globally, and it says you need to protect PI from non-EU state actors. So you're possibly right as far as EU state adversaries go but you for defending against foreign state actors it's different.