Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

To fall out of scope of the CLOUD act, the subsidiary needs to be independent and prevent any data access by its holding company. The holding company can in no way have "possession, custody or control", which are not well defined so that doesn't make it easier to assess if a subsidiary is out of scope.

https://jnslp.com/wp-content/uploads/2020/05/Defining-the-Sc...



So is it likely the European Commission did this in an attempt to block US companies from offering internet services to the EU (or at least, internet services that handle user info)? It's pretty hard to make a profit or operate in the EU if you literally can't control that entity.


Schrems II (and the Privacy Shield invalidation) has been in response to the aggressive data collection by the US government, and the extra-territorial nature of legislation used to achieve this. The US is able regain access to the EU market by repealing/changing CLOUD act and similar legislation, so I personally don't think this is (primarily) done to block US companies. However I am not the one implementing these rulings, so the best I can is speculate.


It seems pretty hard to think the US will drop the legislation every 3-letter-agency had wished for over the decades before it became law. The only thing I can imagine that actually gets the law changed is if the EU heavily invests in prosecuting these cases, to the point that tons of US companies worry they'll lose access to the EU market (with non-negligible fines to back up the law).


> So is it likely the European Commission did this in an attempt to block US companies from offering internet services to the EU

More like the European Commission did this in an attempt to protect European citizens from having their personal data exfiltrated against their will to the US on order of US law enforcement agencies.


No, EU had an agreement with the US called Privacy shield that allowed US companies to process EU data. However this was struck down by US courts and that is what leaves us with this mess.


> However this was struck down by US courts and that is what leaves us with this mess.

According to Wikipedia, it was struck down by the CJEU, not by a US court:

"The EU-US Privacy Shield for data sharing was struck down by the European Court of Justice on the grounds it did not provide adequate protections to EU citizens on government snooping."

https://en.wikipedia.org/wiki/EU%E2%80%93US_Privacy_Shield#L...


If anything, it was a move to push US legislators to respect foreign privacy laws.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: