Yes that is my interpretation of it. The whole point being that any data stored in US can not be guaranteed to respect GDPR because the US government can request access to that data and the EU citizens don't have a recourse to that.
any US buisness that want to have EU citizens PI needs to have a host in EU.
Not just a host, but the corporation in control of the data can't be controlled by a US corporation at all, lest the US corporation be able to pressure the EU subsidiary into handing over that data.
Exactly. Maybe it was intentional in an attempt to get the US to claw back the CLOUD act, which is the point of contention here. Until that happens, US websites (see: big businesses with a legal department) are likely going to block storing any EU citizen data, which might (but probably not measurably) help prop up local EU services.
