I do not understand if or how the physical location of the servers matters.
As I remember, the EU-US data sharing agreement was killed (Schrems II) because of the US CLOUD Act, which infamously doesn't care where the data is stored - as long as the company is under US jurisdiction, it has to let the government snoop at will.
So, it seems to me that Facebook putting data on EU servers wouldn't matter? A three-letter agency could still go to their SV office and legally demand "give me an API key to query through your Irish datacentre and don't tell anyone". To protect EU citizens from that, the Facebook servers in the EU should treat non-EU FB servers exactly like third parties, using OAuth or similar restricted access protocols.
Not sure to understand why the US Cloud Act is « infamous » in that respect. It would make little sense to let companies operating under US jurisdiction store their data in unsearchable data havens outside of US territory. The act has to be fully actionable.
No as it was pursued before it. There are not yet any enforcement or complaint i know targeting the CLOUD Act because everyone agree it would be unenforceable right now.
Try to have an EU tech scene without Microsoft, Azure, Google, Google Cloud or AWS. Or Salesforce. Datadog. Etc
As I remember, the EU-US data sharing agreement was killed (Schrems II) because of the US CLOUD Act, which infamously doesn't care where the data is stored - as long as the company is under US jurisdiction, it has to let the government snoop at will.
So, it seems to me that Facebook putting data on EU servers wouldn't matter? A three-letter agency could still go to their SV office and legally demand "give me an API key to query through your Irish datacentre and don't tell anyone". To protect EU citizens from that, the Facebook servers in the EU should treat non-EU FB servers exactly like third parties, using OAuth or similar restricted access protocols.