Envoy seems to have proven that their software security was not at fault in the Atlassian employees' data leak (that it was actualy an Atlassian employee credentials' that got cracked, i.e.).

As a space operator, or as a Prop Tech software vendor, what is your "Data Collective" (or "Data Space" as we will soon say more and more in the EU) strategy, with members of local communities and spaces?

Do your legal and KYC and recovery plans in case of data leak vaguely stop at GDPR's lowest requirements (at best), or are you going further? We have a new GDPR-like and aligned Swiss law going into force September this year (nLPD). With the latest EU Parliament stance on doubling down against a "Privacy Shield 2.0", thus reinforcing the risk on using US SaaS relying on US cloud services (e.g. using Google Analytics in Europe is already considered illegal, if you need an easy and strong example), I find this conversation so nonexistent it baffles me.

Note from Hector: I agree that this topic should be expanded on, in this week's discussion as a first, but also with every platform and service as often as possible.