Hacker News new | past | comments | ask | show | jobs | submit login

Of course they do. Because of the CloudAct the ___location of the server doesn’t matter.

A US company has to give access to the data on their servers to the authorities no matter where the servers are located.

They can go to court to prevent it but aren’t allowed to inform their customer.

That violates EU law on multiple levels.




Also EU daughter companies of US tech giants are still legally EU companies (owned by US companies) legally they have to strictly comply with EU law and it matters shit what US law says (from the EU legislative POV) so this puts them into a huge problem spot.


An EU company, even if it is owned by a US company, would not be subject to the Cloud Act and so should not find itself on the spot. The Cloud Act applies to whoever owns the data on the server, not to whoever owns the server.

Here's the situation it was designed to deal with. You've got a US company that has some documents. Law enforcement gets a subpoena requiring the company to turn over copies of those documents.

If the company has used some third party cloud storage provider to store those documents it has to retrieve them. It does this using the exact same procedure it would use if it was retrieving the documents for its own use. To the cloud storage provider this is just a routine data retrieval of a customer's data by the customer.

As far as I know if someone outside the EU buys cloud storage from an EU cloud storage provider, stores some files there, and later retrieves those files the EU provider will not get in trouble if that customer later did something with the files that would not be legal in the EU.

I'd be surprised if most countries don't have something equivalent. For example when German prosecutors were investigating VW after VW's emissions test cheating came to light if they had used whatever the German equivalent of a subpoena is to ask for copies of the emission system source code, would VW have been able to say "Sorry, we've got those in a private Github repository which happens to be hosted outside of the EU, so we can't get them for you"?

I suspect that the only reason the US actually had to have something like the Cloud Act and others don't is because only in the US could you have actually had a chance to succeed in saying that you cannot be compelled to turn over a document that you control and can legally retrieve at any time just because you happen to have it currently stored somewhere that the compelling government does not have jurisdiction over.


> The Cloud Act applies

applies explicitly to daughter companies of US parents no matter which country they are based in


Didn't Microsoft argue this in a US court and lost?


It’s a problem without solution. That have to break one side’s law.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: