This has been around for a while under the guise of "data sovereignty".
If you look back at search results for that term, there are now laughable comments particularly by Microsoft that your data is safe in the US because even the Patriot Act requires warrants right? Little did they know...
I'd argue that a company that explicitly agrees to work with the NSA, for example by handing them over Windows security holes to be exploited by the NSA (and potentially other hackers), knows exactly the kinds of things that are going on.
Even more ironic are the "digital safe harbour" provisions that cloud providers have been operating under, telling their clients that the law requires the US government to treat servers put under those provisions as not located in the US.
The irony being that since the servers are "not located in the US", they are even more easily targeted by the NSA since the NSA considers the rest of the world to be sub-humans without any rights.
To nitpick somewhat, at least in the case of the US-EU safe harbor protection, it meant that certified providers were to provide the same protection to European data as it would have in the EU under the relevant EU directive, it doesn't have anything to do with location of the servers. The certification, however, is a complete joke since companies can self-assess and register themselves as safe harbor compliant.
The certification, however, is a complete joke since companies can self-assess and register themselves as safe harbor compliant.
And this creates a genuine difficulty for EU businesses, because it's no longer credible to claim that you thought a US business was compliant because of safe harbour arrangements. It may therefore not actually be legal under European laws to export personal data to those US businesses any more. If any European company did so, and as a result there were negative consequences for the subject of the data, that could lead to a nasty lawsuit for the company that did it, even if their actions would have been considered reasonably diligent because of safe harbour a few years ago.
If you look back at search results for that term, there are now laughable comments particularly by Microsoft that your data is safe in the US because even the Patriot Act requires warrants right? Little did they know...