It's illegal to transfer PII to Microsoft under GDPR though, so wouldn't it be like setting up a minefield for your employees to consciously choose MS Teams for daily communications?
No, it's not illegal, it just needs a lot of lawyers to work out the details. GDPR does not block a lot of things, it only requires you to work out the proper procedures and paperwork. And that is what Microsoft is good at, the compliance support.
How is it not illegal? The details are basically "PII EU resident data cannot be given to companies falling under legislation of governments not following due process regarding access of PII belonging to those residents" + "The US government regards itself above anything else and does not follow due process when accessing PII of EU citizens stored on premise of companies falling under its legislation" => "EU law does not allow transfer of EU residents' PII to US companies". There's no "proper procedures" when it comes to protecting data stored by US companies from the US government.
From what I understand of the Schrems court rulings I think you're right, but the whole EU establishment is continuing to try to ignore the ECJ on this because cutting out US vendors is more disruptive than they want to deal with. From a realpolitik perspective, it's only as illegal as the fines and binding court orders (after exhaustion of appeal rights) will make it.
I also wonder what the Schrems court rulings mean about US citizens working in the EU for EU companies, since the US might feel free to give purportedly binding surveillance orders to such citizens; or for EU residents who visit the US while working for EU companies and receive a binding surveillance order while in the US, possibly even with their work equipment and remote access to company PII.
If cutting out US vendors is disruptive, avoiding travel to and remote work from the US, and avoiding hiring (or being subject to hierarchical oversight from) US citizens in Europe would be even more so.
As a US citizen who is about to move to Europe myself, my preferred solution would of course be for the GDPR to be followed strictly and for the US to change its laws. But I'm really not expecting the US to pass that kind of legislation now.
There are a bunch of regulations these days. GDPR is just one of them. A lot of tools are just not compliant.
IT departments have to take those into account. Especially at public companies.
Microsoft does a good job at that and tends to make it easy for the IT departments, too.