> OpenAI is NOW DIRECTED to preserve and segregate all output log data that would otherwise be deleted on a going forward basis until further order of the Court (in essence, the output log data that OpenAI has been destroying), whether such data might be deleted at a user’s request or because of “numerous privacy laws and regulations” that might require OpenAI to do so.
Spicy. European courts and governments will love to see their laws and legal opinions being shrugged away in ironic quotes.
EU–US Data Privacy Framework is an US scam to get European user data.
It totally is that's why it keeps being shot down by the courts and relaunched under a different name.
But the EU willingly participates in this. Probably because they know there's no viable alternative for the big clouds.
This is coming now though since the US instantly.
I know I viable alternative to the big clouds.
Don't use them! They cost too much in dollar terms, they all try to EEE lock you in with "managed" (and subtly incompatible) versions of services you would otherwise run yourself. They are too big to give a shit about laws or customer whims.
I have plenty of experience with the big three clouds and given the choice I'll run locally, or on e.g. Hetzner, or not at all.
My company loves to penny-pinch things like lunch reimbursement and necessary tools, but we piss away latge sums on unused or under-used cloud capacity with glee, be ause that is magically billed elsewhere (from the point of view of a given manager).
It's a racket, and I'm by mo means the first to say so. The fact that this money-racket is also a dat-racket doesn't surprise me in the least. It's just good racketeering!
Yes. Cloud is great for a very specific usecase. Venture capital startups which either go viral and explode, or die within a year. In those cases you need the capacity to automatically scale and also to only pay for the resources you actually use so you the service pays for itself. You also have no capex and you can drop the costs instantly if you need to close up shop. For services that really need infinite and instant scaling and flexibility, cloud is a genuinely great option.
However that's not what most traditional companies do. What my employer does, is picking up the physical servers they had in our datacenters, dump them on an AWS compute box they run 24/7 without any kind of orchestration and call it "cloud". That's not what cloud is, that is really just someone else's computer. We spend a LOT more now but our CIO wanted to "go cloud" because everyone is so it was more a tickbox than a real improvement.
Microservices, object storage etc, that is cloud.
"But the EU willingly participates in this."
Parts of the European Commission "influenced" by lobbyists collude with the US.
And just like that, OpenAI got banned in my company today.
Good job.
> OpenAI got banned in my company today
Sarbanes–Oxley would like a word.
Do you mean to say that Sarbox might preclude this? Or that it should have been banned already? The meaning isn't clear to me and I would be grateful for further explanation.
I’m saying that any org that ditched OpenAI for this specific reason is also likely committing investor fraud.
Don't tell them all their other communication is intercepted and retained on the same basis. Good luck running your business in full isolation.
> Spicy. European courts and governments will love to see their laws and legal opinions being shrugged away in ironic quotes.
The GDPR allows to retain data when require by law as long as needed. People that make regulations may make mistakes sometimes, but they are no that stupid as to not understand the law and what things it may require.
The data was correctly deleted on user demand. But it cannot be deleted where there is a Court order in place. The conclusion of "GDPR is in conflict with the law" looks like rage baiting.
It's questionable to me whether a court order of a non-eu court applies. "The law" is EU law, not American law.
If any non-eu country can circumvent GDPR by just making a law that it doesn't apply, the entire point of the regulation vanishes.
Doesn't that work both ways? Why should the EU be able to override American laws regarding an American company?
It doesn't really matter from what country the company is. If you do business in the EU then EU laws apply to the business you do in the EU. Just like EU companies adhere to US law for the business they do in the US.
Because we're talking about the personal data of EU citizens. If it's to be permitted to be sent to America at all, that must come with a guarantee that EU-standard protections will continue to apply regardless of American law.
> If it's to be permitted to be sent to America at all
Do you mean that I, an EU citizen am being granted some special privilege from EU leadership to send my data to the US?
It's the other way around. The EU has granted US companies a temporary permission to handle EU customers' data. https://en.m.wikipedia.org/wiki/EU%E2%80%93US_Data_Privacy_F...
I say temporary because it keeps being shot down in court for lax privacy protections and the EU keeps refloating it under a different name for economic reasons. Before this name it was called safe harbor and after that it was privacy shield.
No, the company you're sending it to is required to care for it. Up to and including refusing to accept that data if need be.
Of course you don't need permission to do something with your own data. But if someone wants to process other people's data, that's absolutely a special privilege that you don't get without committing to appropriate safety protocols.
It works the other way around; the American company is granted a special privilege to retrieve EU citizen data.
I'm not sure they are "retrieving" data. People register on the website and upload stuff they want to be processed and used.
I mean, sometimes the government steps in when you willingly try to hand over something on your own will, such as very strict rules around organ donation, I can't simply decide to give my organs to some random person for arbitrary reasons even if I really want to. But I'm not sure if data should be the same category where the government steps in and says "no you can't upload your personal data to an American website"
Likewise, why should America be able to override European laws regarding European users in Europe?
It's all about jurisdiction. Do business in Country X? Then you need to follow Country X's laws.
Same as if you go on vacation to County Y. If you do something that is illegal in Country Y while you are there, even if it's legal in your home country, you still broke the law in Country Y and will have to face the consequences.
Because EU has jurisdiction when the american company operates in the EU.
It’s WAY more complicated than that.
Where is the HQ of the company?
Where does the company operate?
What country is the individual user in?
What country do the servers and data reside in?
Ditto for service vendors who also deal with user data.
Even within the EU, this is a mess and companies would rather use a simple heuristic like put all servers and store all data for EU users in the most restrictive country (I’ve heard Germany).
> Where is the HQ of the company?
If outside EU, then they need to accept EU jurisdiction and notify who is representative plenipotentiary (== can make decisions and take liability on behalf of the company).
> Where does the company operate?
Geography mostly doesn't matter as long as they interact with EU people. Because people are more important.
> What country is the individual user in?
Any EU (or EEA) country.
> What country do the servers and data reside in?
Again, doesn't matter, because people > servers.
It's almost like if bureaucrats who are writing regulations are experienced in writing regulations in such a way they can't be circumvented.
EDIT TO ADD:
From OpenAI privacy policy:
> 1. Data controller
> If you live in the European Economic Area (EEA) or Switzerland, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.
> If you live in the UK, OpenAI OpCo, LLC, with its registered office at 1960 Bryant Street, San Francisco, California 94110, United States, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.
As you astutely note, the company probably has it's "HQ" (for some legal definition of HQ) a mere 30 minutes across Dublin (Luas, walk in rain, bus, more rain) from the Data Protection Commission. It's very likely that whatever big tech data-hoarder you choose has a presence very close to their opposite number in both of these cases.
If it was easier or more cost-effective for these companies not to have a foot in the EU they wouldn't bother, but they do.
> It's almost like if bureaucrats who are writing regulations are experienced in writing regulations in such a way they can't be circumvented.
Americans often seem to have the view that lawmakers are bumbling buffoons who just make up laws on the spot with no thought given to loop holes or consequences. That might be how they do it over there, but it's not really how it works here.
Maybe when talking about the GDPR specifics, but not when it comes to whether the EU has jurisdiction over companies in the EU.
They can't override laws of course, but it could mean that if two jurisdictions have conflicting laws, you can't be active in both of them.
Because it's European users whose data is being recorded on the order of a court that doesn't even have jurisdiction over them?
You don't understand how that works:
EU companies are required to act in compliance with the GDPR. This includes all sensitive data that is transfered to business partners.
They must make sure that all partners handle the (sensitive part of the) transfered data in a GDPR compliant way.
So: No law is overriden. But in order to do business with EU companies, US companies "must" offer to treat the data accordingly.
As a result, this means EU companies can not transfer sensitive data to US companies. (Since the president of the US has in principle the right to order any US company to turn over their data.)
But in practice, usually no one cares. Unless someone does and then you might be in trouble.
> GDPR: “Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognized or enforceable if based on an international agreement…”
That is why international agreements and cooperation is so important.
Agreement with the United States on mutual legal assistance: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=legissum...
Regulatory entities are quite competent and make sure that most common situations are covered. When some new situation arises an update to the treaty will be created to solve it.
Seems like the EU should be less agreeable with these kinds of treaties going forward. Though precedent is already set by the US that international agreements don't matter so arguably the EU should just ignore this.
> Regulatory entities are quite competent and make sure that most common situations are covered.
There's "legitimate interest", which makes the whole GDPR null and void. Every website nowdays has the "legitimate interest" toggled on for "track user across services", "measure ad performance" and "build user profile". And it's 100% legal, even though the official reason for GDPR to exist in the first place is to make these practices illegal.
Exactly. The ECJ flapped a bit in 2019 about this but then last year opined that the current interpretation "legitimate interest" by the Dutch DPA is too strict (on the topic of whether purely commercial interests counts)
It's a farce and just like the US constitution they'll just continuously argue about the meanings of words and erode then over time
None of those use cases are broadly thought of as legitimate interest and explicitly require some sort of consent in Europe.
Session cookies and profiles on logged in users is where I see most companies stretching for legitimate interest. But cross service data sharing and persistent advertising cookies without consent are clearly no bueno.
> But cross service data sharing and persistent advertising cookies without consent are clearly no bueno.
https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd....
"legitimate interest" is a fact about the data processing. It cannot be "toggled on". It also does not invalidate all other protections (like the prevention of data from leaving the EEA).
legitimate interest is, for example - have some way to identify user who is logged in. So keep email address for logged in users. Have some way to identify people who are trying to get account that have been banned, so have a table of banned users with email addresses for example.
none of these others are legitimate interest. Furthermore combining the data from legitimate interest (email address to keep track of your logged in user) with illegitimate goals such as tracking across services would be illegitimate.
"legitimate interest" isn't a carte blanche. Most of those "legitimate interest" claims are themselves illegal
Legitimate interest includes
- Direct Marketing
- Preventing Fraud
- Ensuring information security
It's weasel words all the way down. Having to take into account "reasonable" expectations of data subjects etc. Allowed where the subject is "in the service of the controller"
Very broad terms open to a lot of lengthy debate
None of these allow you to just willy-nilly send/sell info to third parties. Or use that data for anything other than stated purposes.
> Very broad terms open to a lot of lengthy debate
Because otherwise no law would eve be written, because you would have to explicitly define every single possible human activity to allow or disallow.
preventing fraud and info security are legitimate, direct marketing may be legitimate but probably is not.
direct marketing that I believe is legitimate - offers with rebate on heightened service level if you currently have lower service level.
direct marketing that is not legitimate, this guy has signed up for autistic service for our video service (silly example, don't know what this would be), therefore we will share his profile with various autistic service providers so they can market to him.
> preventing fraud
Fraud prevention is literally "collect enough cross-service info to identify a person in case we want to block them in the future". Weasel words for tracking.
> therefore we will share his profile with various autistic service providers so they can market to him.
This again falls under legitimate interest. The user, being profiled as x, may have legitimate interest in services targeting x. But we can't deliver this unless we are profiling users, so we cross-service profile users, all under the holy legitimate interest
> Fraud prevention is literally "collect enough cross-service info to identify a person in case we want to block them in the future". Weasel words for tracking.
You're literally not allowed to store that data for years, or to sell/use that data for marketing and actual tracking purposes.
You would not be allowed if not for legitimate interest.
Websites A and B buy fraud prevention service FPS, website A flags user x as fraudulent, how should FPS flag user x as high risk for website B if consent from user x was required?
Legitimate interest literally allows FPS to track users, build cross-service profiles, process and store their data in case FPS needs that data sometime in the future. Under legitimate interest response to query "What's the ratio of disputed transactions for this user?" is perfectly legal trigger to put all that data to use, even though it is for all intents and purposes indistinguishable from pre-GDPR tracking.
And how funny - I just got an email from Meta about Instagram:
"Legitimate interests is now our legal basis for using your information to improve Meta Products"
Fun read https://www.facebook.com/privacy/policy?section_id=7-WhatIsO...
But don't worry, "None of these allow you to just willy-nilly send/sell info to third parties." !
Basically, the GDPR doesn’t guarantee your privacy at all. Instead, it hands it over to the state through its court system.
Add to that the fact that the EU’s heavy influence on the courts is a well-documented, ongoing deal, and the GDPR comes off as a surveillance law dressed up to seem the total opposite.
Quite right it doesnt absolutely protect your privacy. I'd agree that it's full of holes, but I do think it also contains effective provisions which assist with users controlling their data and data which identifies them.
Which courts are influenced by the EU? I don't think it's true of US courts, and courts in EU nations are supposed to be influenced by it, it's in the EU treaties.
Time to hit them with that 4% fine on revenue while they still have some money...
Will the EU respond by blocking them from doing business in the EU, given they're not abiding by GDPR?
It would be a political catastrophe right now if the EU blocked US companies due to them needing to comply with temporary US court orders. My guess is this'll be swept under the rug and permitted under the basis of a legal obligation
What about the other way around? Why don't we see a US court order that is in conflict with EU privacy laws as a political catastrophe, too?
Because deep down Americans don't actually have any respect for other countries. This sounds like a flamebait answer, but it's the only model I can reconcile with experience.
Because courts are (wrongly) viewed as not being political, and public opinion hasn't caught up with reality yet.
Even if the we imagined the courts as apolitical (and I agree with you, they actually are political so imagining otherwise is silly), the question of how to react to court cases in other countries is a matter of geopolitics and international relations.
While folks believe all sorts of things, I don’t think anyone is going to call international relations apolitical!
International relations could fairly be called anarchic because they aren't bound by law and no entity is capable of enforcing them against nation states. Remember that whenever 'sovereignty' is held up as some sacred, shining ideal what they really mean is 'the ability to do whatever the hell they want without being held accountable'.
The court system as a whole is more beholden to laws as written than politics.
And that's a key institution in a democracy, given the frequency with which either the executive or legislative branches try to do illegal things (defined by constitutions and/or previously passed laws).
Yes, courts ought to be apolitical. Just that recently, especially the supreme court has not been meeting that expectation.
Courts have always been political, which is why "jurisdiction shopping" has been a thing for decades. The Supreme Court, especially, has always been political, which is why one of the biggest issues in political campaigns is who is going to be able to nominate new justices. Most people of all political persuasions view courts as apolitical when those courts issue rulings in that affirm their beliefs, and political when they rule against them.
You're right though, in a perfect world courts would be apolitical.
> You're right though, in a perfect world courts would be apolitical.
Most other western democracies are a lot closer to a perfect world, it seems.
Germany, where they lock you up for criticizing politicians[1] or where they have a ban against protesting for Palestine because it's "antisemitic"?[2]
Or UK where you can get locked up for blasphemy[3] or where they lock up ~30 people a day for saying offensive things online because of their Online Safety Act?[4]
Or perhaps Romania where an election that didn't turn out the way the EU elites wanted is overturned based on nebulous (and later proven false) accusation that the election was somehow influenced by a TikTok campaign by the Russians that later turned out to have been funded by a Romanian opposition party.[5]
I could go on and on, but unfortunately most other western democracies are just as flawed, if not worse. Hopefully we can all strive for a better future and flush the authoritarians, from all the parties.
[1] https://www.youtube.com/watch?v=-bMzFDpfDwc
[2] https://www.euronews.com/2023/10/19/mass-arrests-following-p...
[3] https://news.sky.com/story/man-convicted-after-burning-koran...
[4] https://www.thetimes.com/uk/crime/article/police-make-30-arr...
[5] https://www.politico.eu/article/investigation-ties-romanian-...
I understand these are court decisions you don't agree with. (And neither do I for the most part, though I imagine some of these cases to have more depth to them.)
But is there any reason to believe that judged were pressured/compelled by political powers to make these decisions? Apart from, of course, the law created by these politicians, which is how the system is intended to work.
>But is there any reason to believe that judged were pressured/compelled by political powers to make these decisions?
No, but I have every reason to believe that the judges who made these decisions were people selected by political powers so that they would make them.
>Apart from, of course, the law created by these politicians, which is how the system is intended to work.
But the system isn't working for the people, it is horribly broken. The people running the system are mostly corrupt and/or incompetent, which is why so many voters from a wide variety of countries, and across the political spectrum, are willing to vote for anyone (even people who are clearly less than ideal) that shits all over the system and promises to smash it. Because the system is currently working exactly how it's intended to work, most people hate it and nobody feels like they can do anything about it.
The American Supreme Court could have been balanced though. Sadly, one team plays to win, the other team wants to be in a democracy. The issue is not the politics of the court, but the enforced Partisanship which took hold of the Republican Party post watergate.
All systems can be bent, broken, or subverted. Still, we need to make systems which do the best within the bounds of reality.
>Sadly, one team plays to win, the other team wants to be in a democracy.
As a lifelong independent, I can tell you that this sort of thinking is incredibly prevalent and also incredibly wrong. Even a casual look at recent history proves this. How do you define "democracy"? Most of us define it as "the will of the people". Just recently, however, when "the will of the people" has not been the will of the ruling class, the "will of the people" has been decried as dangerous populism (nothing new but something that has re-emerged recently in the so-called Western World). It is our "institutions" they argue, that are actually democracy, and not the will of the foolish people who are ignorant and easily swayed.
>All systems can be bent, broken, or subverted.
Very true, and the history of our nation is proof of that, from the founding right up to the present day.
>Still, we need to make systems which do the best within the bounds of reality.
It would be nice, but that is a long way from how things are, or have ever been (so far).
My impression was that American democracy is supposed to "derive its power from those being governed" (as opposed to being given power by God) and pretty explicitly was designed to actively prevent "the tyranny of the majority", not enable it.
I think it's a misreading to say the government should do whatever the whim of the most vocal, gerrymandered jurisdictions are. Instead, it is a supposed to be a republic with educated, ethical professionals doing the lawmaking within a very rigid structure designed to limit power severely in order to protect individual liberty.
For me, the amount of outright lying, propaganda, blatant corruption, and voter abuse makes a claim like "democracy is the will of the most people who agree" seem misguided at best (and maybe actively deceitful).
Re reading your comment, the straw man about "democracy is actually the institutions" makes me think I may have fallen for a troll so I'm just going to stop here.
>Re reading your comment, the straw man about "democracy is actually the institutions" makes me think I may have fallen for a troll so I'm just going to stop here.
You haven't, so be assured.
>I think it's a misreading to say the government should do whatever the whim of the most vocal, gerrymandered jurisdictions are.
It shouldn't, and I didn't argue that. My argument is that the people in charge have completely disregarded the will of the people en mass for a long time, and that the people are so outraged and desperate that at this point they are willing to vote for anyone who will upend the elite consensus that refuses to change.
>Instead, it is a supposed to be a republic with educated, ethical professionals doing the lawmaking within a very rigid structure designed to limit power severely in order to protect individual liberty.
How is that working out for us? Snowden's revelations were in 2013. An infinite number of blatantly illegal and unconstitutional programs actively being carried out by various government agencies. Who was held to account? Nobody. What was changed? Nothing. Who was in power? The supposedly "good" team that respects democracy. Go watch the conformation hearing of Tulsi Gabbard from this year. Watch Democratic Senator after Democratic Senator denounce Snowden as a traitor and repeatedly demand that she denounce him as well, as a litmus test for whether or not she could be confirmed as DNI (this is not a comment on Gabbard one way or another). My original comment disputed the contention that one party was for democracy and the other party was against it. Go watch that video and tell me that the Democrats support liberty, freedom, democracy and a transparent government. I don't support either of the parties, and this is one of the many reasons why.
EU has few customer facing tech companies of note.
Without trying to become too political, but thanks to recent trade developments, right now the US is under special scrutiny to begin with, and goodwill towards US companies - or courts - has virtually evaporated.
I can see that factoring in in a decision to penalise an US company when it breaks EU law, US court order or not.
Ultimately, American companies will be pushed out of the EU market. It’s not going to happen overnight, but the outcome is unavoidable in light of the ongoing system collapse in the US.
EU software scene would take a decade to catch up. Only alternative being if AI really delivers on being a force multiplier - but even then EU would not have access to SOTA internally.
Given what happened with DeepSeek, "not state of the art" can still be simultaneously really close to the top, very sudden, very cheap, and from one small private firm.
Not really with the EU data sources disclosure mindset, GDPR and all that. China has a leg up in the data game because they care about copyright/privacy and IP even less than US companies. EU is supposedly booting US companies because of this.
The data sources is kinda what this court case is about, and even here on HN a lot of people get very annoyed by the application of the "open source" label to model weights that don't have the source disclosure the EU calls for.
GDPR is about personally identifiable humans. I'm not sure how critical that information really is to these models, though given the difficulty of deleting it from a trained model when found, yes I agree it poses a huge practical problem.
> and even here on HN a lot of people get very annoyed by the application of the "open source" label to model weights that don't have the source disclosure the EU calls for.
That's because they are obviously trained on copyrighted content but nobody wants to admit it openly because that opens them to even more legal trouble. Meanwhile China has no problem violating copyright or IP so they will gladly gobble up whatever they can.
I don't think you can really compete in this space with the EU mindset, US is playing it smart and leaving this to play out before regulating. This is why EU is not the place for these kinds of innovations, the bureaucrats and the people aren't willing to tolerate disruption.
What does the EU lack? Is it the big corp infra? Or something more fundamental?
In my opinion, we lack two things:
a) highly qualified people, even European natives move to Silicon Valley. There is a famous photo of the OpenAI core team with 6 Polish engineers and only 5 American ones;
b) culture of calculated risk when it comes to investment. Here, bankruptcy is an albatross around your neck, both legally and culturally, and is considered a sign of you being fundamentally inept instead of maybe just a misalignment with the market or even bad luck. You'd better succeed on your first try, or your options for funding will evaporate.
Worth pointing out that DeepMind was founded in London, the HQ is still here, and so is the founder and CEO. I've lived in North London for 8 years now, there are _loads_ of current-and-former DeepMind AI people here. Now that OpenAI, Anthropic, and Mistral have offices here the talent density is just going up.
On risk, we're hardly the Valley, but a failed startup isn't a black mark at all. It's a big plus in most tech circles.
The UK is a bit different in this regard, same as Scandinavia.
But in many continental countries, bankruptcy is a serious legal stigma. You will end up on public "insolvency lists" for years, which means that no bank will touch you with a 5 m pole and few people will even be willing to rent you or your new startup office space. You may even struggle to get banal contracts such as "five SIMs with data" from mobile phone operators.
There seems to be an underlying assumption that people who go bankrupt are either fatally inept or fraudsters, and need to be kept apart from the "healthy" economy in order not to endanger it.
Why? I would see it 2 years ago but now every other platform has completely catched-up to ChatGPT. The LeChat or whatever the French alternative is just as good.
> The General Data Protection Regulation (GDPR) gives individuals the right to ask for their data to be deleted and organisations do have an obligation to do so, except in the following cases:
> there is a legal obligation to keep that data;
https://commission.europa.eu/law/law-topic/data-protection/r...
Except that transferring the data to the US is likely illegal in the first place, specifically due to insufficient legal protections against overreach like this.
The legal obligation has to come from relevant member state or EU law. Not third party countries' laws.
This at best is force majeure that prohibits OpenAI with satisfying its contractual obligations that are there to comply with EU law. But contractual obligations are not the only control organizations have to ensure compliance with EU law, so this is not a defense.
From the law itself:
> 1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay...
> 3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
> e. for the establishment, exercise or defence of legal claims.
https://gdpr-info.eu/art-17-gdpr/
The law makes no reference to the idea that the legal claims must be under a member state or EU law.
GDPR allows for this as far as i can tell (IANAL)
> Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
> ...
> for the establishment, exercise or defence of legal claims.
if you are the controller (or data subject). ChatGPT is the Processor. Otherwise EU controller processing PII in ChatGPT have a problem now.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Do legal claims outside eu jurisdiction apply? Seems like too big of a loophole to let any court globally sidestep GDPR.
Hopefully.
We need many strong AI players. This would be a great way to ensure Europe can grow its own.
> This would be a great way to ensure Europe can grow its own.
The reason this doesn't happen is because of Europe's internal issues, not because of foreign competition.
Arguably, until recently there just wasn't any reason to: Europeans were happy buying American software and online services; Americans were happy buying German cars and pharmaceuticals.
Personally, I don't think the US clouds win anything on merit.
It's hard/pointless to motivate engineers to use other options and their significance doesn't grow since Engineers won't blog that much about them to show their expertise, etc. Certification and experience with a provider with 10%-80% market share is a future employment reason to put up with a lot of trash, and the amount of help to work around that trash that has made it into places like ChatGPT is mindboggling.
Doesn't GDPR have an explicit exemption for legal compliance?
Yes, but somehow I feel like "a foreign court told us to save absolutely everything" will not hold up in the EU indefinitely.
At least in sensitive contexts (healthcare etc.) I could imagine this resulting in further restrictions, assuming the order is upheld even for European user's data.
Legal compliance with European laws that they are subject of. Not any random law around the world.
Do you have a refference for where the GDPR limits it to only EU law compliance?
Quoting wikipedia: The regulation does not purport to apply to the processing of personal data for national security activities or law enforcement of the EU; however, industry groups concerned about facing a potential conflict of laws have questioned whether Article 48 could be invoked to seek to prevent a data controller subject to a third country's laws from complying with a legal order from that country's law enforcement, judicial, or national security authorities to disclose to such authorities the personal data of an EU person, regardless of whether the data resides in or out of the EU. Article 48 states that any judgement of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may not be recognised or enforceable in any manner unless based on an international agreement, like a mutual legal assistance treaty in force between the requesting third (non-EU) country and the EU or a member state. The data protection reform package also includes a separate Data Protection Directive for the police and criminal justice sector that provides rules on personal data exchanges at State level, Union level, and international levels.[8]
https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
Thank you, that helps understand the wider picture. However, article 48 only to deal with transfers and disclosures, not with storage and retention.
The order is a bit broad, but legal holds frequently interact with deletion commitments. In particular, the only purpose of data deleted under GDPR held up by a legal hold should be for that legal hold, so it would be a big no-no if OpenAI continued to use that data for training.
No. GDPR was never enforced, else Microsoft, Meta, Google and Apple couldn't do business in the EU.
EU privacy laws are nothing but theatre. How many times have they put up a law which would undermine end-to-end encryption or the recent law which "bans" anonymous crypto coins? It's quite clear they are very good at virtue signaling
Not sure why are you down voted here. I'm in EU and everything I can say about GDPR is that it does not work (simple example, government itself publishes my data including National ID number on their portal with property data; anybody can check who my parents are or if I'm on mortgage). And there are more.
People on HN are fucking delusional. They have no connection to real world scenarios and most of them don't care about actual privacy. They only care about laws which make it sound like everything's fine
Europe doesn't have jurisdiction over the US, and US courts have broad leeway in a situation like this.
The EU has a certain amount of jurisdiction over all companies providing a service to customers located in the EU.
A US company can always stop serving EU customers if it doesn't want to comply with EU laws, but for most the market is too big to ignore.
So when one government compels an action another forbids, that's an international political situation.
There is no supreme law at that level; the two nations have to hash it out between them.
And yet, iPhones are shipping usb C.
Making separate manufacturing lines for Europe vs US is too expensive, so in effect, Europe forced a US company to be less shitty globally.
USB C is a huge downgrade from lightning. The lightning connector is far more robust. The little inner connector board on USB C is so fragile. I’ll never understand why people wanted this so badly.
Have you ever had one fail on an Apple device?
The accurate comparison here isn’t between random low-budget USB-C implementations and Lightning on iPhones, but between USB-C and Lightning both on iPhones, and as far as I can tell, it’s holding up nicely.
I have multiple ones. They accumulate dust easily and get damaged much more often. You won’t see that if 99% of the time is in clean environment. As of today I have 3 iPhones that won’t charge on the wire. Those are physical damages so it’s not like anything covers it (and Apple Care is not available in Poland). Same happens with the cables. I’m replacing USB-C display cable (that’s lightning I suppose) every year now because they get loose and start to disconnect if you sneeze in the vicinity.
I despise USB-C with all my heart. Amount of cable trash has tripled over the years.
Maybe try wireless charging.
I find it superior to both lightning and USB-C.
I do, I rarely use USB-C on Apple devices (well outside of Mac). Wireless is great and I have nice looking night clock and moving files/other stuff over airdrop works good enough for me not plugging anything in. Recently I had to charge over the phone which required removal of pocket lint beforehand.
Literally every other device is usb-c, thats why
I'm a big fan of this change, however, I think to a black mirror episode [0] where essentially little robot dogs could interface with everything they came into contact with because every connection was the same, it may be trivial to have multiple connections for a weapon like this but the take away I had from this is that 'variety' may be better than a single standardized solution. Partly because it is more expensive to plan for multiple types of inputs and making the cost of war go up will make it more difficult which I think inherently is the idea behind some of the larger cybersecurity companies, a hack can only work once then everyone has defenses for it after that single successful attack, this makes it more expensive to successfully stage attacks. Huge digression from this convo... but I think back to this constantly.
Many defensive are a trade off between the convenience of non attackers, and the trouble created for attackers.
Given the sheer number of devices we interact with in a single day, USB-C as a standard is worth the trade off for an increase in our threat surface area.
1000 Attackers can carry around N extra charging wires anyway.
10^7 users having to keep say, 3 extra charging wires on average? That’s a huge increase in costs and resources.
(Numbers made up)
Two thoughts:
1) Surely the world conquering robo-army could get some adapters.
2) To the extend to which this makes anything more difficult, it is just that it makes everything a tiny bit less convenient. This includes the world-conquering robo-army, but also everything else we do. It is a general argument against capacity, which can’t be right, right?
So I suppose Lightning's abysmally slow transfer speed is also a security feature? No way you can exfiltrate my photo roll at 60 MBps :)
All of my devices are lightening. Now I have to carry around 2 cables.
There's simply more people with the opposite problem, especially in markets where Apple is less prevalent, which is most of them around the world. When there's more than one type of cable, plenty of people are going to be inconvenienced when one is chosen as the cable to rule them all, but in the end everyone wins, it's just annoying to get there.
> plenty of people are going to be inconvenienced when one is chosen as the cable to rule them all, but in the end everyone wins
That's not everyone wins. The people that actually bought these devices now have cables that don't work and need to replace with a lower quality product, and the people who were already using something else are continuing to not need cables for these devices. The majority breaks even, a significant minority loses.
Simply not choosing one cable to rule them all lets everyone win. There is no compelling reason for one size to fit all.
It's a temporary drawback; everyone wins in the long term because there's only one standard.
Again, that's not a win for anybody. No one winds up in a better position than where they started, there is no payback in exchange for the temporary drawback, which also isn't temporary if the final standard is inferior.
If some people like hip hop but more people like country, it's not a win for everybody to eliminate the hip hop radio stations so we can all listen to a single country station.
This is closer to having a common railway gauge, though.
Not at all. A common railway gauge is necessary for different parts of the rail network to be joined together. If one section of the network has a different gauge, it is cut off and can not be joined without being completely replaced, leaving you with two less capable rail networks. Everyone does benefit from a more capable rail network.
Further, rail gauge is not a consumer choice. If there were two rail gauges and your local rail station happened to have a different gauge than your destination, you'd be SOL. A different rail gauge may provide benefits for people with specific needs, but you don't get to take advantage of those benefits except by blind luck.
There is no such benefit from standardizing cable connectors. If someone charges their phone with the same style cable as you, you gain nothing. If someone uses a different cable, you lose nothing. There is no reason for anyone not to use their preferred cable which is optimal for their use case.
Everyone, but the environment wins. Once I upgrade my phone and Airpods, I will have to throw out my pack of perfectly working lightning cables.
I'm sure there are more than a few people that would end up throwing out their perfectly functional accessories, only for the convenience of carrying less cables.
Why don’t you donate them to a thrift store or educational charity? Are there no non-profits who refurbish and reuse electronics in your community?
I don't want to burn fuel trying to find a place to accept used 5 year old Airpod Pros with yellow earbud plastic.
I don't want to ship another cable across the Pacific Ocean from China so I can have a cable that works on my devices.
I want to keep using them until they don't work and I can't repair them any more.
All of mine are USB C and now I only carry around one. All of the lightning cords and micro USB cables are in a drawer somewhere with the DVI, component cables, etc.
neat. I get to throw out my perfectly working apple products that have years left in them and switch re-sync my cables.
That is great you spent the money for this, but I'm not ready to throw away my perfectly fine devices.
It’s a huge upgrade on the basis of allowing me to remove lightning cables from my life
On a specsheet basis it also charges faster and has a higher data transmission rate.
Lightning cables are not more robust. They are known to commonly short across the power pins, often turning the cable into an only-works-on-one-side defect. I replaced at least one cable every year due to this.
If lightning was an open standard then it would objectively be better than USB-C and would likely have won.
Instead Apple chose to make a good improvement on USB-C proprietary, and thus it will die like 8-track, betamax, and minidiscs.
Vendor lock-in is so big of a negative that everyone will pick whatever the least-bad open alternative is.
Lightning was basically what happened when Apple got tired of waiting for the standards committee to converge on what USB-C would be, so they did their own.
And... yeah, it turned out better than the standard. Their engineers have really good taste.
And then the rest of the world got tired of Apple not proposing this supposedly superior piece of engineering as a new standard... because of licensing shenanigans.
with USB-C, the fragile end is on the cable instead of the port. that is a design feature.
I thought so, but my Pixel 9 USB-C port falls out of place now after less than a year. :(
Same problem. This may be the last Pixel I own because two in a row now have lost their USB-C sockets.
Because I can charge my iPhone, my AirPods, and my mac, all with the same charger
Reminds me of something…[0]
What are you doing to your USB-C devices? I’ve owned dozens and never had a single port break.
Sure, but the EU has jurisdiction over European companies and can prohibit them from storing or processing their data in jurisdictions incompatible with its data privacy laws.
There's also an obvious compromise here – modify the US court ruling to exclude data of non-US users. Let's hope that cool heads prevail.
