Yes, because you're still passing personal data to the USA, which means US intelligence services can access it.
If this doesn't cut the internet in two, I don't get where the line goes.
It might be.
So if I hosted my servers in any of the AWS US regions that too would be illegal if they have any personal data in them. In this case personal data is a randomised unique id. So say I have a table of users and all I have is a username and a password and a unique id for the record that's personal data and the customer is not allowed to give their permission for me to store that in a US data center ?
* Amazon
* Netflix
* Microsoft
* Uber
I mean the list goes on but these are a really big part of the internet.
So any US company cannot store PII on an EU citizen? If someone from the EU comes to my site to make a purchase, I can't allow them to do that?
You know any other US based companies? They have to follow the same reasoning.
It might even be if you are a US based company, you have to follow the same reasoning.
As a US company, you are not allowed to store or transfer data considered personal by GDPR of EU citizens, as your company can be compelled by the US government to hand over that data through an opaque/secret order where the EU citizen is not notified nor has the option to challenge this.
