It would definitely be appreciated to be kept up to date about anything you and your legal team are doing. We are now more or less bound to mention we are working on a solution to safely transfer data between the EU and the US but practically speaking our hands are tied… So any tidbit of information would be highly welcome!
As for a solution, this could be found in Standard Contractual Clauses (SCC). These are in principle still valid but at the same time cannot prevent the NSA from still accessing said data. This basically makes these clauses invalid.
Another solution would be to create a Bubble subsidiary in the EU, but there is something called the CLOUD Act which still allows US security agencies access to this data. Again not perfectly valid.
Then there is the option of creating a local EU subsidiary with a local data center which falls outside of US jurisdiction. However, the cost of this could be pretty substantial and not something I see Bubble investing in.
Additionally, to what extent would the fact that data is stored encrypted (also in transit?) make a difference to GDPR compliance? If no authority can access the data because of encryption, does it still matter it’s stored in a US location?
Apart from that, I wonder if the core Bubble engine is something that could be deployed decentralized easily. Because storing data outside US is one thing, the processing seems to still happen through the US. Could @allenyang @Bubble shed some light on this mechanism in relation to dedicated servers?
I think it’s important to stress that this is not just impacting EU Bubblers but basically every Bubbler. If you are dealing with EU users (and how do you know you are?) this impacts your application.