Considering that this ruling is based on schrems II case which concluded that FISA 702 and EO 12.333 are not compatible with GDPR it would seem that holding data within the EU is not a solution since FISA 702 and EO 12.333 are applicable to data held anywhere in the world by a US company.
Am not legally savvy on this to be educated on merits of what cited FISA/EO mean.
I am curious as to what argument can find it acceptable to block US company, also when they place data within EU and can’t be compelled to handover to US law enforcement.
>can’t be compelled to handover to US law enforcement
Even if a US company holds their data in the EU, due to FISA 702, the CLOUD act and EO 12.333, they can still be compelled to hand over that data. So being a US company is a dealbreaker, regardless of where the data is stored.
Google would have to redesign their corporate structure so that EU customers of Google EU are never subject to US law, with no US-owned business anywhere in the subsidiary chain. Imagine that this is the current chain:
Alphabet (US) -> Google (US) -> Google (EU)
Under such a structure, Google (EU) is not GDPR-compliant, and will need to drop all upstream inheritance of (US) to comply with this ruling.
