Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That last bit seems incompatible with how TCPIP works? Unless opening a connection in considered consent?


No, opening a connection and exchanging IPs falls under "technically necessary" processing of personal data.

But from a legal point of view we, as a European company, are forbidden to use any US infrastructure provider. We can't ask for consent to transfer data to an US based entity if our consent form itself is already hosted by an US based entity. And even if we did find a solution, like hosting the main infrastructure with a European company and asking for consent for some later data transfer, we are most likely forbidden to transfer data to US based entities at all.

From what my lawyer told me the ruling from https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-... applies to all services from AWS, Google Cloud, ...

There will be many rulings that follow. Everybody is just waiting for the Irish Data Protection Commission to actually do its work, but the Irish DPC does not seem to be much in favor of data protection: https://noyb.eu/en/irish-dpc-handles-9993-gdpr-complaints-wi... & https://bigbrotherawards.de/en/2022/lifetime-achievement-iri...

This will change soon. From what I heard work is underway to let national data protection offices handle cases without the Irish DPC or force the Irish CPC to work.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: