Yes, U.S. authorities can spy on EU cloud data. Here's how

The assertion breaks down at this point: "So, Slicklizzard U.S. Corp. instructs its subsidiary—which it wholly owns, and therefore can order its London-based subsidiary to carry out actions, without reason or prior warning, to send all of Doe's data from its Dublin data center to its U.S.-based data center."<p>This involves ordering UK employees to move personal data out of the UK, and assumes that they're willing to be complicit. Most of the teams I've worked with would rather obey the law than a potentially illegal request from their US colleagues.

&#62; <i>Former Microsoft privacy chief Caspar Bowden, speaking at a panel discussion in Brussels this week, warned that U.S. law allows the government to spy on non-U.S. citizens files and documents, and that new Europe-wide data protection law proposals specifically allow such surveillance.</i><p>The ancient ECHELON programme tells us that the US (and others) have no problem spying on citizens, using loopholes to spy on their own citizens.<p>The horrible state of encryption means that most people can't justify encrypted cloud storage because the cost : risk : reward and threat modelling stuff is unfavourable.<p>It's pretty scary that all this stuff is ending up on random servers across the world.

The reverse is also true: <a href="http://www.hoganlovells.com/files/News/c6edc1e2-d57b-402e-9cab-a7be4e004c59/Presentation/NewsAttachment/a17af284-7d04-4008-b557-5888433b292d/Revised%20Government%20Access%20to%20Cloud%20Data%20Paper%20(18%20July%2012).pdf" rel="nofollow">http://www.hoganlovells.com/files/News/c6edc1e2-d57b-402e-9c...</a>

What if Slicklizzard US is the subsidiary, could the US still request the information from Slicklizzard UK? Is any kind of presence in the US enough to enforce the FISA warrant?

All data that is not under your direct control must be assumed to be immediately accessible by the authorities.<p>Thinking at the extremes is a really useful thought model because it makes stuff like the above relatively unsurprising. It also modifies one's behavior to protect oneself from the most likely worst case scenario.

Binding corporate rules for data processors was inserted into the European Commission’s data protection regulation proposal with loopholes built-in which allow for FISAAA surveillance.