[vidarh]

Not quite. The EU Data Protection Directive requires that personal data a company collects can not be moved somewhere where the consumer will have weaker protections than in the EU.

This has required some workarounds, such as "safe harbour" provisions that US companies need to accept in order to receive personal data from EU companies that have collected them from users, which basically boils down to that the US company need to agree to comply with the same basic rules as if the data had stayed in the EU.

End users can pass their data to whomever, whether or not they comply with these rules.

[qwerta]

But US companies are target to NSA survailence and data disclosure, so they can not comply with EU regulations by definition.

[vidarh]

Some have made that argument, but EU companies are also subject to disclosure laws. E.g. Regulation of Investigative Powers Act (RIPA) in the UK. So it is unclear whether this would affect anything.

That said, one of the objections that caused the Data Retention Directive to fall in the EU courts was privacy considerations, so who knows. To find out we'll need a lawsuit.

[mapleoin]

So are EU Companies as we have seen...