[tzs]

The whole point of setting up the EU subsidiary as a separate company that is incorporated in the EU and is managed and staffed by EU citizens is to avoid this.

The purpose of the CLOUD Act was to get at data that was stored outside the US but that was "in the custody, control, or possession of communications-service providers that are subject to the jurisdiction of the United States".

It arose from a situation where an email provider in the US used cloud storage services in several countries to store emails. They were asked for the email of a particular customer and said they did not have to provide it because they had happened to store that customer's mail at a non-US cloud provider.

What the CLOUD Act requires is that:

> A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider's possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.

A company incorporated in the EU, even if it is owned by an entity in the US, is not subject to US jurisdiction and so that does not apply. The US owner is subject to US jurisdiction but the data of EU customers of the EU company is not in the US owner's possession, custody, or control.

[spwa4]

> The US owner is subject to US jurisdiction but the data of EU customers of the EU company is not in the US owner's possession, custody, or control.

No? Certainly sounds like it is in the US owner's control to me.

But even disregarding that fact. Given that the US government also started hiding what it was doing with FISA courts and forbidding that anyone, including the companies themselves, checks what actually happens ... do you think anyone will believe this? We HAD evidence of US companies refusing to hand over data before CLOUD and FISA, we do not see that anymore. (And that's before we start taking into account more some recent administration's respect for ...)

Of course this is also pretty hypocritical since EU countries have been caught more than once capturing communications of non-citizens. The problem that usually gets mentioned: the Boeing - Airbus fight wasn't a one sided US being untrustworthy to help Boeing.

[ta20240528]

"A company incorporated in the EU, even if it is owned by an entity in the US, is not subject to US jurisdiction and so that does not apply."

Incorrect, this is EXACTLY the scenario that the Cloud Act was introduced to to handle.

What happened is in 2013 Microsoft Ireland refused an FBI warrant for information held on EU servers, under the control of MS Ireland.

Microsoft USA refused the warrant on the grounds on the jurisdiction grounds you mentioned above.

So the Cloud Act was passed: US law for access to digital information applies to any subsidiary anywhere on earth.

Sorry.

[dogma1138]

Do you think the US board of Amazon will go to jail to protect their EU subsidiary?