[nacho2sweet]

From my understanding (I could be wrong) and why I have to follow all these rules here in Canada, is the USA made a homeland security law in like 2007 that said law enforcement can have access to any foreign individuals data without a warrant/good reason.

So now when picking services I am not allowed to host on any non Canadian servers if we are hosting personal information about staff/users etc. It can be a simple event registration system, survey, or just having to be really careful when using cloud services. I even have to watch out when sharing a innocuous file over Slack.

This really sucked when stuff was moving over to cloud and we wanted to use a lot of hot new stuff, but most providers get it now and provide Canadian servers so not as bad finding compliant vendors.

[908B64B197]

Ultimately, isn't it the owner of the server who's targeted by the laws? Where the server is really doesn't matter that much.

[PeterisP]

One thing is that usually the local server would be owned and managed by a local subsidiary of that foreign company - it may even be a requirement, to have them be run by a local company (even if fully owned by a foreign entity) with local responsible officers.

Another issue is establishing jurisdiction; if the server is held locally, then it's clear that local laws apply to things done on that server - the owner of the server can't claim that they e.g. got a US subpoena and did some stuff in USA that fulfills all the USA legal requirements and everything that's it; if the server was physically located in e.g. Canadian soil, then it means that the violation (if any) happened "in Canada" even if it was done by USA-located USA citizens of USA company.