Re: Sloppy corporate structure. Sloppy security. Sloppy access rights
Had Microsoft put a little bit of thought into the legal implications of its corporate structure:
- A subsidiary company would own the server farm in Ireland
- No one in the US would have access to the data, except for support purposes
Nope. You've already lost the plot at the first point. As long as you have a HQ in the US you cannot escape the demand because you have the control. If you just left a subsidiary in the US you'd be in a better position to claim a lack of control, but then you'd have the issue that the US may start playing other games to gain leverage, like threatening to close your subsidiary.
The simple bottom line is that you CANNOT have a US based HQ if you have any need to protect personal information, and if you have a subsidiary there you have to be prepared to lose it.
This is also why the EU stays out of this - it is entirely outside their control. The only thing they can do is bring it up during trade negotiations, but the EU cannot plausibly require the US to respect EU sovereignty if it does not respect the same for the US - even if that leads to the Irish sub breaking the law as a consequence. The EU has no grip on the Irish sub because there is no legal process running in Europe to access that data. Annoying, but those are the facts.
If US companies would like to fix the clusterf*ck of laws they have in their country which make this possible they are welcome to go home and talk to the people in Washington they sponsored so hard to make it this way instead of trying to get the EU to clean up the mess they made themselves.