[barbazoo]

> regardless of where the physical servers are, as Facebook is still subject to the US subpeonas and they are legally required to give data to the US even if it's on a European server

Is that so? I'd like to know more about this then, I don't see how that would be practical at all then.

[roywiggins]

This is explicitly authorized by the CLOUD Act:

> Principally, it asserts that U.S. data and communication companies must provide stored data for a customer or subscriber on any server they own and operate when requested by warrant, but provides mechanisms for the companies or the courts to reject or challenge these if they believe the request violates the privacy rights of the foreign country the data is stored in.

https://en.wikipedia.org/wiki/CLOUD_Act.

[barbazoo]

> when requested by warrant

I think that's the difference. Facebook could be forced to keep all PII in the EU for the purpose of protecting peoples data from unlawful (EU) use but still have to surrender it to US law enforcement. Would that violate the EU law?

[philistine]

It does. A US warrant is incompatible with the EU privacy garanties.