There is not much hype around this topic however, I believe it is very important for EU businesses today.

The European Court of Justice declared the EU-US Privacy Shield to be ineffective due to the FISA 702 regulations in the United States. This basically means that US authorities can execute targeted surveillance on non-US citizens and companies. They can collect, keep, and use this data for investigation. This regulation does not affect US citizens and businesses.

Our company ConfigCat.com serves feature flags and is the sub-contractor of other companies as part of the supplier chain. Some of our European customers started to worry about if their data is safe with their sub-contractors and how does this affect GDPR.

Being a Europen SaaS company with a global user base we looked into how we can handle this quickly with minimal user impact both technically and legally.

If you are facing or faced similar issues, I'd like to hear your thoughts about it. Do you think we are going to face an increasing number of privacy issues in the future due?

Here is what we did:

• Implemented a Data Governance feature in ConfigCat, so customers can decide if they want their data distributed globally or only in the EU based CDN nodes.

• Reviewed all our own sub-contractors swapping the US ones who fall under the FISA 702 regulations.

I'm personally having a bit of anxiety about where this is going. Ideally, every entity should be able to use any service no matter where they are located without being worried about the safety of their data. Maybe I'm just too idealistic.

Our blog post on the topic: https://configcat.com/blog/2020/11/28/eu-us-privacy-shield