[AndyMcConachie]

There is no easy answer to this question.

For example, what happens if US courts demand data you have stored on Irish servers,[1] but an EU citizen asks that you destroy this data?

Do you destroy the data and risk being charged with destruction of evidence in the US? Or do you keep it and risk being non-compliant with the GDPR?

[1] https://www.theguardian.com/technology/2014/apr/29/us-court-...

[throwawaymanbot]

I would imagine, since the EU is where the Data resides, and the EU is the legal jurisdiction, that the EU would take precedence. Its monumental nationalistic and legal hubris to think that American law takes precedence anywhere in the world, let alone with an ally as large as the EU.

[luma]

Be that as it may, there is nothing to stop US authorities from charging US companies with crimes if they were to comply with EU laws. They are in direct conflict, and any internet-based company operating on nearly any scale is in danger of running afoul of these sorts of issues. This isn't a Google/Facebook only problem, this is a problem for any web service that might store user data.

[throwawaymanbot]

This is a US Govt overreach problem. Not an EU directive problem.

[k-mcgrady]

Maybe the EU/US Privacy Shield will help handle situations like the above.

[ryanlol]

>there is nothing to stop US authorities from charging US companies with crimes if they were to comply with EU laws

There is nothing stopping you from shooting yourself in the foot either. (Or stabbing I guess in case you don't have access to firearms)

[alexeldeib]

Just FYI, this case was reversed on appeal (i.e., against the government). I recall there being some buzz with the government potentially pushing for further court action, but as far as I know that's the current status.

[ryanlol]

>There is no easy answer to this question.

Of course there is. You comply with both laws or suffer the consequences. If you can't comply with both, you choose the cheaper law to break. If that's too expensive, your business sucks.