I'm thoroughly back in the flow of things. Still a bit more like navigating a rapids than a meandering stream but things are good.

I've put out a Regular Programming episode about Good Software that I hope you'll enjoy. I also published a post I'd had half-completed in drafts for too long about whether LiveView is overhyped.

On the sponsor front we still have Bzzt, a scrappy startup with interesting technical problems to solve that's hiring in my native Sweden. And we have West Arete which I just had someone retweet with "10.5 weeks off a year? From an American company?" and that's just one part of how they try to make working there the best years of that person's professiona life (to paraphrase the CEO).

If you want to know when new opportunities come up, you can keep reading this or sign up to the job-specific list. I'm still open for more companies that want to find Elixir developers with my help and make their presence known in the Elixir ecosystem. More details here.

A Parallel Cloud World

There is an absolutely absurd legal situation in the EU with regards to the US right now. I've touched on it before.

Essentially you cannot store information about people with a US-owned provider if you are a EU company or if your customers are from the EU.  That's the brass tacks downlow pigs and bunnies take on what the Schrems II ruling means. The US does not protect people's personal data to a standard acceptable to the EU. Since the US has legal avenues to compel companies to provide data that they have it is essentially practically impossible to usefully comply with while using a US-owned provider. This is widely violated of course as it would take most of the tech space off the table.

So what's the opportunity?

Well. A lot of organisations have pressures to comply with regulation, especially public sector and other heavily regulated sectors and over time, unless politics manages to clear this up (which seems unlikely, another topic) everyone will come under this pressure over time.

So people want to use their SaaS services, they still don't want to manage that stuff themselves. The most straight-forward business would be to offer SaaS founders in the US to be their EU offering. If you are an EU citizen and start a business you could license the SaaS software, host it with EU-only providers (Glesys and Hetzner are top of mind for me on this) and share no data aside from sales numbers with your sibling business.

Another, cheaper approach but where you'd need to do more marketing is to host open-source variants of tools in the EU.

Another one would be execution, helping companies transition from illegal services to acceptable ones and you'd just need to find good providers. I'd typically start with shifting people from Google Analytics to Plausible Analytics. Seems like a straight enough path. I don't know if there's a Mattermost provider in the EU that you could use instead of Slack/Teams. So this is essentially a fairly repeatable consulting thing, similar to GDPR compliance work but more hands-on.

The funnest and hardest is probably to start building a parallel world of EU cloud services. The amusing bit is I think US companies can use an EU provider just fine. But not the inverse. Stripe for the EU is a big lift I bet. Shopify? Printful? There are CDNs but there are so many other services that are just US-based or run on US-based cloud providers which typically means you can't store a single bit of PII in them.

So this is what opportunity looks like I think. It may be temporary but I'd bet the desire to avoid these types of issues by being on EU services only is going to be a strategy for plenty of orgs in the next few years.

Am I full of it, will the status quo win? I'm happy to discuss and you'll reach me at lars@underjord.io or on Twitter where I'm @lawik.

Thank you for reading, I appreciate your attention.

- Lars Wikman