[pash]

Barring unusual claims of extraterritorial jurisdiction by either the United States or the European Union (or any of its member states), Google and other American tech companies may be able to comply with both US and EU law by handling data on EU users only within the EU, through EU subsidiaries.

Under that arrangement, the EU subsidiaries of US tech companies would not ordinarily be subject to US laws requiring them to hand over data to the NSA, so those subsidiaries could comply with EU privacy laws with no problem; at the same time, EU law would not reach the US parent companies, so they could give all the data to the NSA that they must in compliance with US law.

But because the Obama administration recently expanded the United States' already broad (by international standards) claims of extraterritorial jurisdiction in another matter,† it now looks like the United States might indeed claim the legal power to compel foreign subsidiaries of U.S. tech companies to hand over data they control to the NSA. In that case, those foreign subsidiaries would find themselves in an impossible situation, one in which they would be operating illegally under either EU or US law no matter what they do.

† — See my comment above, at the same level as this one's parent.

[jacalata]

This doesn't seem easy for facebook, at least. I live in the USA and regularly read my European friends facebook pages, and they comment on mine. European facebook users can travel to the USA and access their facebook page while here. How could you implement this kind of separation?

[makomk]

I'm not sure claims of extraterritorial jurisdiction by the US really count as unusual in this day and age.