Looks like endgame.
Start building those EU data centres and make sure there's a good legal firewall between their operations & the US corporation. You know you're going to need them.
The Irish Data Protection Commissioner has referred Max Schrems' original complaint to the EU Court of Justice to determine if Facebook's transfers of personal data from the EU to the US is legal. Transatlantic data sharing has come under tight scrutiny following the collapse of the Safe Harbor agreement after a Court of …
"What appeals? The UN? They've taken it to the EUCJ for a definitive ruling."
The ECJ will rule on law. It's up to the national courts and regulators to interpret how that law fits the facts. And that interpretation can be appealed, and the appeal itself may lead to another need for the law to be clarified - indeed that's what happened here.
This process can carry on until each side stops coming up with novel arguments. By which time the legislators will have intervened and opened up new avenues for clarifying how national law applies EU law.
Start building those EU data centres and make sure there's a good legal firewall between their operations & the US corporation. You know you're going to need them.
Won't help due to leverage. In the case of a subsidiary (say, Microsoft Ireland), you're deemed as owner to have enough power to compel certain activity. This stance is assisted by the refusal of US law to acknowledge that anything else exists in the Universe - US courts couldn't care less that complying with a US order for disclosure could cause the subsidiary to be in breach of local laws.
It's getting slightly better insofar that moving your HQ from the US will now help a bit, but a while ago I informally spoke to lawyers* of a rather well known US company when I was in Brussels for some briefings, and they were working from the principle that even having a man and a shed subsidiary in the US was putting them (and, by implication, their many, many EU clients) at risk of leverage attempts. This is why you now get big hosting projects and resales set up: they're mainly tests to see what amount of work needs to be done to create feasible proxies to indeed establish that sort of isolation.
In the case of a contractual relationship, if the DoJ can make it stand that you have set up such a contract to specifically work your way around US law you have a problem too.
The latter, by the way, is far more complicated anyway: in most countries, hosting the data of your company deems said data to remain under the jurisdiction of origin. I see that a lot with UK and US companies who think that just hosting their data abroad somehow makes it magically exempt from local law. In that sort of construct, that data is usually still considered local and remains under local jurisdiction. It can be done (after all, that's what I do), but it's not as trivial as most people think - there are /lots/ of gotchas, both in law and in practical implementation.
* I'm not a lawyer, I just have many dealings with them.
This post has been deleted by its author
Once all the biddies and chavs vote for Brexit we won't be subject to all this silly privacy business, and we will be happy to let MicroFaceTwit slurp our data across the pond at will because we are their special best friends and that's A-OK.
/ If you can't spot the sarcasm, see a doctor
Except FB/G/MS... aren't building their datacentres in the UK so they will need an agreement between the UK and the EU over data transfers that allows the data for non EU citizens to be imported into EU land and then published to the world from there in order to escape EU laws.
If brexit happens then it might be the case that FB won't even be allowed to ship your data as far as Ireland. The tech companies won't want to be building data centres somewhere else in case that then leaves them open to being raided by the taxman.
This is looking like a lose lose lose situation for them.
"If Brexit happens, the corporations and the UK government will be free to violate our privacy without any of this annoying interference from the CJEU."
True but they'd still have the European Court of Human Rrights to interfere with them. I don't think May would get very far with trying to resile from European Convention of Human Rights (damn them for having the same initials - it means I have to type out both in full). She might be reminded of Churchill's part in that.
So many sites these days have an embedded "Social Media De Jour " button in them, so since I don't have an explicit contract with the SMDJ they must not do anything with the data they get from that button then. And if they are doing stuff with that data then they are braking the law ?
"Here at the DPC we sat on our ass for another year doing little in our one-room above a Spar except to stall the whole process. Because we're just a wing of the 'lite touch' Irish government... The one that gladly welcomes every single US corporation to our low-tax haven shores.
The last thing we ever wanted to see was this Max-Headroom guy (bloody students). That's why we always shot him down before. But this way we can pass the buck onto the EU and blame them, and still get more US corporations to come and play their 'inversion' games here".