Depends on the dimension used. « Shoulds » are meaningless. Let’s not assume everyone is doing removed work, awareness is getting there and people are getting more capable to correctly classify data. Anyway assuming correct classification there are techniques that changes classification enough to allow exportation of data to removed countries.
There’s plenty of techniques to avoid re-identification… aggregation isn’t the only way. Especially considering that aggregation if using a stupid dimension isn’t helping at all…
It’s never been illegal at all, you’re oversimplifying the issue. Plenty of use cases that can use US clouds. Not all data is PII and plenty of use cases perform fine by anonymising their data. Also EU countries aren’t that better than US when it comes to state issued privacy violations; we just don’t do dragnet bullremoved (yet) but plenty of requests are served as requested…
I can understand being fine with a nomination that aligns with his personal interests but from there the journey to « party of small people » likely takes a convoluted path.
Call interception, retro and all methods of investigation relying on télécommunications are, and need to remain, a tool available for police forces when the crimes they are investigating are greatly impacting society. Having a prosecutor request those within acceptable limits is a net positive. Not the same as having dragnets spying on everyone in the hope of hitting keywords mind.
But criminality is using more and more complex tools at their disposition and there’s just no way of policing like in medieval times anymore.
What would be your preferred approach ? I’m on the implementation side of this in a reasonably large company and so far I found the act to be reasonable. It must rely on some interpretation as every piece of such regulation. Same as GDPR for example and yet it’s a very important progress for EU citizens guarantee wise.