[simiones]

If your data is in Russia, the Russian government can do what they want with it, within the limits of Russian law (at least theoretically). If your data is in France, the French government can do what it wants with it, within the limits of French law (at least theoretically).

Now, most countries have close to 0 protections for non-citizens' data - particularly, the USA has 0 protections for a French person's data sitting on a Google server. If a US government agency wants to read this French person's data (of any kind, including, say, medical records), they can ask Google for access to it and, if Google agrees, they can just use it. If Google doesn't agree, they only need a warrant against Google, not against the French citizen in question.

The same is NOT true for a US citizen's data - which is more or less sufficiently protected, at least theoretically. But foreign nationals' data that happens to reside in the USA has 0 legal protections from the US government.

On the other hand, the US government can not (legally) obtain data that resides in France or Russia, unless they work with the French/Russian legal system to obtain access to that data.

[tantalor]

> US government can not (legally) obtain data that resides in France

Explain how? If the US govt orders "copy the data from FR to US, or else" and the French govt orders "you can't do that, or else" then what is the company to do? They are breaking the law no matter what. Something has to give.

[simiones]

In general, such international disputes can be arbitrated either at a diplomatic level between the two governments, or by an international court.

[foxfluff]

If they're an European company operating and hosting in Europe, the US government has no jurisdiction over them.

If it's an international company, sucks for them (until the countries harmonize their laws to guarantee reasonable privacy protections for everyone internationally). That's exactly why people are now looking for local alternatives to Google et al.

[YetAnotherNick]

> If they're an European company operating and hosting in Europe, the US government has no jurisdiction over them.

No it is not true. Region of operation is completely irrelevant. US could arrest Kim Dotcom. Or non European companies have to comply with GDPR for European customers.

[foxfluff]

It's not completely irrelevant. The US has to cooperate with whichever country Kim/Julian/etc resides in. That country can totally reject the extradition request.

[YetAnotherNick]

They only have to contact them because Kim was not in US soil. They would have to request for any people including American citizens if they are physically in some other country. If Kim decided to vacation to US they could skip all the extradition requests.