well it’s standard “hierarchy of norms” theory of the law, when regulations of different nature piling up…

Also Patriot, FISA-A, and Cloud acts all pretend to be justified by “national security” which times and times again has been considered in the US be a higher imperative in the hierarchy of the norms (in many cases justifying to even bypass the constitution when it comes to spying on US citizens, etc.).

Whichever way you look at it: the NSA and the CIA (and countless other agencies) who have been granted unlimited, unregulated, untraceable access to all data processed by any US company are not subjected to the EU GDPR.

https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities/ iirc, this was about EU servers that were not supposed to forward data to the US by contract

They are also legally required to hand over the data. Do you honestly believe they go against the orange dictator and NSA?