And perhaps Palantir?
Even if the US was trustworthy, this is still a prudent move. Good relations are not forever between nations, and it reduces the opportunities for third parties like Palantir to exfiltrate data.
I am 100% for this, and hates Microsoft as much as the next Lemmy user. However… I stumbled into my career by accident, and I feel like shit for it. I’m a Power Platform developer. What are my options to move?
Let me know if you find an answer for that. I’m in the same boat.
The guilt alone is your absolution
But not Palantir.
The list was just to demonstrate the effects, yes it affects also Palantir. It would likely be very illegal to make legislation that affects only a selected few companies.
The EC insider sources told CNBC that the TSP could include a significant limitation for foreign cloud corporations when it comes to managing sensitive data.
To put it simply, US cloud giants such as Microsoft, Amazon, and Google could be restricted in their ability to process specific data types on behalf of public organizations, including financial, judicial, and health-related data.
Don’t let perfection be the enemy of good. We both know morals is rarely why any government does anything.
I’m gonna go ahead and be first to say that palantir is not good. All the government partnerships with them clearly violate GDPR and the AI framework.
Like, it’s good progress that the EU is talking about US companies now, but Palantir should 100% be mentioned in the same breath. At the least because many EU citizens aren’t even aware that Palantir exists.
Hopefully this new law will also apply to Palantir partnerships
I really hope Canada follows suit, after Microsoft pulled that shit with the international criminal court they clearly cannot be trusted.
Seconded for UK. Anyone not reading the room right now and following the EU’s lead is about to FAFO.
I hope so too.
The Ontario government is welcoming a multi-billion-dollar investment from Microsoft, as part of the company’s previously announced $19 billion commitment to Canada. Through this investment, Microsoft is expanding its cloud and artificial intelligence (AI) infrastructure across Ontario, significantly scaling up the province’s computing capability while reinforcing Ontario’s position as a leader in the tech and digital economy. […]
This expansion in Ontario will further bolster the reliability of its data infrastructure to strengthen the province’s domestic data capacity as more businesses begin to adopt and scale AI technologies. Through the company’s Community-First approach, Microsoft will also prioritize alignment with regional economic priorities, including advancing Ontario’s investment readiness and competitiveness, fostering the conditions for job creation and apprenticeships and laying the foundation for advanced AI innovation. (Apr 7, '26)
Ontario is pretty much the Texassippi of Canada, though, right?
Where hog bosses do favours for hog bosses? Pretty much.
You’re thinking of Alberta
Canada can’t at the moment, and its government has continued becoming more and more entrenched in US tech throughout 2025 and 2026. So, prepare to be disappointed. Most Canadians enjoyed the lip-service a bit, but didn’t really care – even things like the “Buy Local” and travel stuff is easing off already, even as the USA continues down its tech oligarch backed authoritarian villain arch.
BC for example, is likely losing its last Canadian-backend financial institution. The financial system regulators, and all the banks/credit unions, are 100% captured by US tech. Wealthsimple’s growing like crazy, built as a cloud-first business within US tech ecosystems, with deep ties to companies like Oracle and Amazon, investing heavily in San Fran tech startups etc. If you had a Data sovereignty type law come in, the entire financial sector, a “critical industry”, would disappear.
Asking out of pure curiosity–are you Canadian or a tech guy? Is Canada really reliant on the US?
I am Canadian. I’ve worked in the Financial industry for about 20 years (either directly or adjacent to it in roles like auditing). I am an IT guy.
Here’s some more examples / clarifications of it: pretty well all of Canada’s ATMs run on Windows. When questioned about why, companies that provide those systems state that its a requirement from Payments Canada.
Most Financial Institutions use USA-tied backend banking systems – there’s 1-2 “Canadian” providers, but they’re very niche (hence the note about BC’s situation, BC being the western most province in Canada). Companies like FISERV (USA) expanded into Canada a few decades ago – their initial entry to the market failed due to them not caring about differences between Canadian and US financial products. They didn’t bother porting anything, treating things like the US “401k” logic as basically the same as Canada’s RRSPs doesn’t work, and lead to massive problems for many FIs – problems that sank a couple. So they bought out a Canadian product that was called DNA (which ran on Oracle). FISERV is one of the dominant players in the Canadian market.
Canada’s Central1 Credit Union, the trade association / service provider for their Credit Unions, recently bailed on hosting in-country online banking services, after having screwed up their implementation of the ISO20022 really really badly. They ‘sold’ that whole segment of their business off to an Indian Headquartered company which hosts its products in Microsoft’s cloud, uses developers from the UAE, and has only like 1-2 security staff in Canada (so all your security events are definitely going elsewhere). Adding to this, at the start of Central1’s mismanagement of online banking, they had 2 geodistant datacenters on either side of the country – but they hired a US Banker to run their IT department, and he put all their internal stuff (beyond just the online banking) into the cloud, turfing their internal systems. Oh, and in terms of it continuing in this direction even with the turmoil – since 2025, Central has shifted their backend online cheque processing, one of the last items outstanding, into Microsoft’s cloud. So even if you’re using a small credit union in a tiny community, if you write a cheque, you’re reliant on USA cloud infrastructure.
BC’s provincial financial regulators, the BC FSA, put out an RFP about a decade ago noting some serious gaps in their IT framework – the RFP was amazing to read, as it noted things like software that had been EOL for almost a decade, which they admitted they couldn’t support properly, because they’d basically fired most of their IT staff. The RFP was a total “front”/box-checking exercise though, as they’d already chosen who they were going with – the RFP lasted only a brief time, and was tailored to ensure a specific vendor would win (issued June 17, 155 pages of specifications/environment description background, submission deadline July 31 – vendor work startingQ4. A turn around speed unheard of in govt, if they were doing any due diligence). The result was that the BC FSA moved all of its IT ecosystem stuff into Microsoft’s cloud. The industry submits member/customer personal information directly into a site that’s hosted on Microsoft’s cloud – even uses generic Microsoft cloud login infra. So a huge portion of FI customer data is exposed through the regulators of the industry.
Bless you for responding sincerely, I appreciate that so much. I apologize if most of it has gone over my head but is there a movement to detach yourselves from the US?
I have been so in my own head lately and focused on my field of study that I almost feel like an alien. What does this mean in practical terms, how much is my data available to entities I’ve never heard of, can you tell me in practical terms what that means for me/the average person?
Sure, I can try to clarify it a bit, though I may get a bit wordy at times. I can even use recent government docs to support comments, in case that helps a smidge.
So late last year, the government of Canada published a white paper that sort of summed up the exposure risk with regards to data sovereignty, something that, I think, most people in tech have known for decades at this point. The appendix of that document is fairly concise, and generally indicates that there’s no realistic way you can have a “Cloud Service Provider” from a foreign nation, where there’s no chance of interference / pressure / disclosures by that foreign nation.
So someone like Wealthsimple, who’s completely in US cloud technologies, and who’s persona ID (Peter Thiel/Palantir connected) system for doing their “Know your Member” due diligence, has no realistic / practical way to be sure that any/all of their information is being disclosed to the United States government. Similarly, if a cloud service provider is providing services from India, there’s no practical way to ensure that the information they handle isn’t being disclosed to the Indian government. In the states specifically, they have legislation in place that declares the government can make data requests, and that companies can’t disclose those requests to anyone – in the past, this was ‘overlooked’ by many because both Canada and the States had similar judicial systems and a general expectation of habeas corpus, and there was an expectation that international laws would apply on agreements. That’s sorta changed, hence the Fed gov publishing that paper and admitting the risks involved.
A bunch of that is rooted in the nuance of agreements / SLAs. Even as a consumer, you can see the language they use – phrases like “We comply with the laws and regulations of the jurisdictions in which we operate” (and we operate in Panama, so hide your taxes here! sorta thing). The phrasing means if the foreign government demands the data, under the laws/regulations of that foreign government, the company hands it over. Those sorts of agreements aren’t actually saying that the laws/regulations of that foreign jurisdiction, are the same as Canadas – your data can get moved to a foreign authoritarian dictatorship with no regard for your privacy, and it would be totally legal for them to … ignore the end users privacy expectations, which they thought would be in line with Canadas privacy legislation. It’s legal hocus pocus, and one reason lawyers get the bad rep that they do.
In terms of how much is exposed, it varies depending on your service provider/financial institution, and where they have different partnerships / supply chain exposure to these sorts of risks. For example, the BC FSA publicly shows that they require all regulated entities under their purview to submit quarterly Mortgage/Loan reports. They tend to show you what those submissions include even – the LDR for example, includes fields such as your employer, your job title, your income amounts, how much you pay for condo fees, and a ton of other information that realistically can personally identify you. There’s another extract they request for names and other items. All of that information, because it’s disclosed to a system that’s hosted in Microsoft’s cloud ecosystem, by that earlier federal government white paper’s own admission, is potentially exposed and accessible to the US Government through “legal” disclosures by Microsoft. It’s worth noting, I think, that these are all mandatory disclosures, meaning every single Financial Institution that’s regulated by the BC FSA is required to provide this information to the Regulator via Microsoft’s cloud – this is quite explicitly, the BC Government requiring industry to be exposed to Data Sovereignty risks… and to think, the BC FSA’s mandate is to reduce risk in the industry! Doin a bang up job!
What ultimately gets exposed/disclosed to foreign entities largely depends on where those disclosures occur, and what information is sent/transferred. So like, in the above example with the BC FSA, they’re exposing a ton of personal information to foreign actors – but because they don’t request something like your granular payment transactions, that information isn’t disclosed as part of that arrangement. I mention in the earlier post the risks/issue of losing the last BC credit union with a Canadian back end – what I refer to there, is commonly just called a banking system, which is just the sort of “combined” database that has all the data on your account with that specific financial institution. If that banking system is in a foreign company’s cloud ecosystem, all of your data is potentially exposed to those foreign interests, through ‘legal’ channels, even if it’s not in Canada’s general interests.
In terms of direct risks to you as an individual, there are generally two big categories I’d flag: first, is that we can clearly see the USA and other foreign powers increasingly using things like AI, and mass data-gathering, to target political or ideological “enemies” – and to use that targeting to take very real actions against those people. Barring them from entering the country, de-banking/de-platforming people outright, and so on. In the most extreme cases, you could picture some jurisdictions using it to explicitly target individuals – for example, prior to Carney whitewashing the situation, India had previously been allegedly connected to getting the BIshnoi gang to conduct political assassinations in Canada. One way they could theoretically target those actions, would be to get the data from a Canadian company that’d outsourced services to India – especially if that outsourcing included access to Addresses, Names, and Transactions (“You donated to the wrong charity man!!”). Having noted this, I should highlight that there’ll always be SOME risk of this sort of thing with regards to online services – even if the foreign powers don’t have “Direct” access via legal means, there’s no reason to think they wouldn’t then default to attempting hacks / illegal means to access that information. It’s just that the setup basically makes it super easy to do, and defaults the info to being accessible on demand.
The second bigger risk I’d flag is related to service availability and organisation resiliency, which is kind of referenced in my earlier post noting that the FI industry would go ‘pop’ if a data sovereignty law came in immediately. Whether those services get cut off due to Canada enacting legislation that said “You gotta be mindful of data sovereignty, so you CANT outsource this stuff to the people you’ve outsourced everything to”, OR, more importantly, If Donald Trump / the US Administration were to say “You tech companies can’t provide service to Canada, cause we want them to implode and be forced to become a US state”, then those outsourced international agreements go poof, as do all connected services. So, for example, Canada’s Credit Unions and some Banks generally outsource their online banking platforms to Indian multinationals, hosted in US cloud spaces. If either the USA, or India, were to put in those sorts of export restrictions, your online banking would disappear overnight. If your backend is sovereign to Canada, accounts and everything would remain available, but the clipping of all those third parties may result in you likely needing to go in to the branch to get cash – cause, as noted, even the ATMs run on Windows, and cheques / other forms of payment all route through US tech giants. If your backend is in a cloud ecosystem, there’s a good chance the org has a ‘backup’ somewhere – but they’ll need to find somewhere to host it that can comply with the backup structure (some ‘backups’ can only restore to Azure or AWS infrastructure, for example). The FI would still have all their regular reports, so they’d likely still be able to sort out all the big ticket items like deposits totals/ loans owing, but it’d all be delayed significantly due to the volume of the mess – in other words, people would be kept “whole” financially, but it would be chaos, and potentially a long time before the mess got sorted. Most digital payment options would disappear – the one exception potentially being Interac Konek, which I believe is a Canadian-centric option that cuts out a bunch of the US Tech stack – though I don’t know for sure how much exposure interac itself has to this issue.
Not sure if that helps clarify things, or if it muddles it more due to my hamfisted attempts to explain… but anyhoo, hopefully it made sense.
This is absolutely fascinating. Still a bit dense ngl lol. It will take me some time to work through, I feel bad I’m not giving your write-up the time it deserves. Wondering, what would be your ideal solution? You basically wrote an entire essay for me and I’m half in love with you now. Talk my ear off about it anytime
Damn, that sucks.
But what about Palantir?
PALANTIR is being peddled to several EU countries as a mass surveillance AI, and there seems to be little resistance from the governments. right wing govts would love to moniter ANTIFA dissidents.
I feel for that poor, struggling startup. And their cute little CEO is just so earnest!
+5 Freedom Points™ have been issued to your account.
The idea is to ban foreign providers. So Palantir would be included.
I sure hope so. Sweden has been cozying up Thiel during this last four year term. It looks line this government is falling in the upcoming election, but I have no faith that the opposition will change anything there…
The police and such have been in deep with Palantir since long before this current government. They get excused, because it wasn’t as well-known at that time how evil they are… but yeah, I really doubt that the next government would do anything different either.
But hey, the UK are cool with Palantir.
Switzerland isn’t. Palentir even sued the Swiss newspaper that reported on it.
Same in Denmark.
That’s crazy considering the US threats over Greenland.
Same in the Netherlands. There’s still a long way to go
Australia here. Us too, even our supermarkets.
Fuck 'em. I’m gonna render their surveillance useless.
I buy Quilton Toilet Paper because it loves my bum, and I’m not ashamed to admit it!
Coles is your target. I don’t think the others are using them yet.
Same is Germany, already using it with the police
To be more precise, 4 of the 16 german states use it already (of course Bavaria one of the 4). Others are planning to test it and also federal police was probing it but this has been denied by the ministry so far and in many other states there is a lot of opposition to it. So the fight to data sovereignty and privacy continues. Also in 2018 the German supreme court set up high legal barrier to “automated data analysis” which makes it difficult to fully use Plantirs capabilities. You see a detailed analysis of the whole situation in Germany by CCC here: https://media.ccc.de/v/39c3-blackbox-palantir#t=1621
Sweden as well…
I believe AWS has already tried getting ahead of this by introducing their EU Sovereign Cloud offering. I can imagine regulators would still allow something like this, but time will tell.
The European commission is very much aware that a nominally EU company being owned by a US company is still a risk.
Nha that’s not flying. The gag order thingy is still our problem with those « sovereign » clouds… it’s only sovereign until US gov decides it’s not anymore. See SCHREMS and his admirable endeavours.
Yeah that’s bullshit, Microsoft already terrified that that means shit for data sovereignty as the US government can access that data whenever they want, even when it’s in Europe, even when it’s government data.
So fuck those solutions, and any sovereignty claims on that site are just plain lies. The data is stored in Europe, but that is a mere technicality as the US government can view it at any moment they want
How? Isn’t the whole point that data is stored in the EU for services that only operate inside the EU so they are not subject to US Judicial warrants or discovery?
It was the idea. Law only states that data has to remain in EU, so Microsoft servers in Ireland is enough to fulfil that requirement. They still have exceptions on their TOS that they can move that data to where ever they want if there’s a ‘technical need’ or whatever and there’s exceptions on EU laws (or maybe it was a separate agreement) which spesifically permits this. And USA can still get any data as they have leverage over the ‘main’ company, so Microsoft and others just bend the knee and give whatever is requested, no matter where the data is physically stored.
And now as all kinds of as-a-service -platforms, AI solutions very much included, are apparently the best thing since sliced bread, everyone just jumps on the bandwagon and don’t really worry about hanging themselves with a single provider nor it’s country of origin.
Except for the Dutch where the government outsourced the Digid - our national ID and most personal information - to an American firm. Despite concerns from the parliament.
But the new PM is a lapdog to Trump because his mentor and former PM Rutte, is so far up Trump’s ass, he can cut his tonsils.
I do agree with most of this, but calling Rutte the mentor of Jetten is simply not true.
Most of what you say is, though.
Yeah it sucks, but I’m happy with my vote for Barbara Kathmann. She is doing some great work to spread more awareness and trying to stop it.
I read this weekend there was a new court challenge though?
About fucking time. Make it quick.
Read in the voice of Ozzy
Cool!
Let me know when it’s done, because so far Palantir etc are involved in the EU’s plans.
I don’t want the US and the EU to be against each other. I want the EU to realize that the US is being controlled by bad actors and to save us the way that the US saved Germany in 1945. As a citizen, I beg of you to check my logic.
US didn’t save Germany in 1945. It was a group effort
It was. I wasn’t suggesting that the Soviet Union and other Allied Powers shouldn’t be included.
I am suggesting that there is a major failure currently and many Americans are hoping that the EU can support some kind of fix. I’m not even suggesting it is realistic, but we have no other options.
The EU is welcome to share that fix with the Soviet Union (…).
I mean there are other options. But people are lazy and hope others well save them.
Indeed. It’s not exactly a tit-for-tat situation where the Jewish and minority citizens were fleeing for their lives and applying for foreign visas left and right in the 1930s.
People aren’t hiding in someone else’s attic, they’re still scrolling Xitter in their living rooms even though they swore they’d delete their account 6 months ago, while ‘second screening’ some outwardly fascist subscription service on their tv, liking posts about the last national protest that they “couldn’t attend” because their boss asked if they could cover a shift that day.
If you guys truly need saving by this point, you sure are sending a lot of mixed messages to the world at large about it right now.
US saved Germany in 1945
Lol. 8 out of 10 nazi casualties were inflicted by the Soviets. That’s the conservative estimate
The point of your rebuttal is a dumbed-down version of events. The US and the Soviets both had a part.
Regardless, neither position changes the point of the post. I’d also hope the EU helps Russia when they fall (again).
I mean, sure, but if you are saying that rebuttal is a dumbed-down version of events - what the hell is your comment that he is replying to? “US saved Germany” is way more dumbed down.
Yes America who sat back and came in at the end all refreshed and “saved” everyone.
Hey, that’s not fair! They also nuked 2 civilian cities just to prove their might. One of the biggest war crimes in history for which nobody was punished.
Yes, they both had a part, and the USSR’s part was significantly more important. But I know that might get in the way of your American exceptionalism fantasy.
Taking a break from your .ml account today?
Everything I don’t like is tankies!
Yes, this has been my main account for the last year. It’s cute that you noticed.
What do your astute analysis skills tell you about Europe’s collective Stockholm Syndrome that the US “saved” them from the nazis?
I want the EU to realize that the US is being controlled by bad actors and to save us the way that the US saved Germany in 1945. As a citizen, I beg of you to check my logic.
I didn’t think much of it when Merz said something similar, but now it begs the question; are there people out there who believe that the Allies “saved” Germany? Like, with what they did to Dresden, and Berlin? What about Japan? If so, our “education” methods are quite throughout; they can make you believe something very different from what’s in front of your eyes.
I mean they are untrustworthy. They have to share any data they have with the us no matter where it is if asked. These safeguards of the data must be in our country means nothing.
Europe needs to invest in proper cloud infrastructure. The only European cloud provider that is even remotely comparable to the big 3 is Scaleway, and they’re still like 10 years behind in terms of features.
This is doing that. When you are not allowed to use foreign cloud providers, you have to use local ones. So they get business and are able to develop new features.
Good. Finland just last year spent some 600 million euros on new AI system running on AWS, built by a USA company, that, once it’s completed, will handle social insurance related applications. If you need something like unemployment benefits, disability/sickness related benefits, etc. all the necessary information required to handle your application will be handed to that system.
Jesus, even Finland??
Thought you guys were like corruption proof lol
Didn’t the deal get cancelled?
Haven’t heard anything about that. I think they finalized the deal last year. Election system plan canceled, though.
At least the elections won’t get stolen through American interference. But yeah, I think it passed but the justice system has halted it because it isn’t funny legal as worded, or something of such is what I last remember.
Hopefully. Though, currently the system is so underfunded the AI might actually get more people assistance, but I’d rather it be delayed until these stupid right wing parties can be voted out. And now the train line after the Sello stop is getting closed down for the whole freaking summer for the dumbest train line expansion project for Orpo.
Something the rest of the planet should get behind for all the correct governance and security reasons. Palantir meanwhile has somehow (stupidly) been approved for continuation here in the UK.
The world was lazy and how we let America take over our tech is just stupid. We should have digital soveeinty or at the very least other countries involved so we can st least pivot. But no we just let the Americans come in buy every competing company and call it good.
