they must first comply with the Patriot Act, the FISA amendment Act, and the Cloud Act, because they are in the same jurisdiction as them… then, maybe the EU GDPR. in that order. always.
well it’s standard “hierarchy of norms” theory of the law, when regulations of different nature piling up…
Also Patriot, FISA-A, and Cloud acts all pretend to be justified by “national security” which times and times again has been considered in the US be a higher imperative in the hierarchy of the norms (in many cases justifying to even bypass the constitution when it comes to spying on US citizens, etc.).
Whichever way you look at it: the NSA and the CIA (and countless other agencies) who have been granted unlimited, unregulated, untraceable access to all data processed by any US company are not subjected to the EU GDPR.
https://www.cloudflare.com/privacypolicy/
Privacy policies doesnt mean anything, if it’s a US based company. Doesnt matter if the servers are in the EU. They steal it anyway.
Look US Cloud Act.
They do; foreign companies must comply with the GDPR when processing or storing European citizen’s personal data.
See: GDPR Art. 3
they must first comply with the Patriot Act, the FISA amendment Act, and the Cloud Act, because they are in the same jurisdiction as them… then, maybe the EU GDPR. in that order. always.
Can you provide a source for that? See also: https://www.dataprivacyframework.gov/
https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities/ iirc, this was about EU servers that were not supposed to forward data to the US by contract
well it’s standard “hierarchy of norms” theory of the law, when regulations of different nature piling up…
Also Patriot, FISA-A, and Cloud acts all pretend to be justified by “national security” which times and times again has been considered in the US be a higher imperative in the hierarchy of the norms (in many cases justifying to even bypass the constitution when it comes to spying on US citizens, etc.).
Whichever way you look at it: the NSA and the CIA (and countless other agencies) who have been granted unlimited, unregulated, untraceable access to all data processed by any US company are not subjected to the EU GDPR.
Do you honestly believe the US follows the GDPR?
It’s not about believe. And it depends on the company; though they’re legally required nonetheless.
See also: https://www.dataprivacyframework.gov/
They are also legally required to hand over the data. Do you honestly believe they go against the orange dictator and NSA?