The sad thing is that Europe also has laws enabling law enforcement access to data, including (until recently) mandatory retention of certain data by ISPs. All this is about is mass surveillance without due process. All that would be required to fix it is interpreting the Fourth Amendment in the same way as Article 8, and abolishing the whole secret court infrastructure.

> The Court adds that legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.

> Likewise, the Court observes that legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, compromises the essence of the fundamental right to effective judicial protection, the existence of such a possibility being inherent in the existence of the rule of law.

And now is quietly going back:

http://arstechnica.com/gadgets/2015/09/report-google-will-co...

One of my Dutch banks, a small investment bank, kicked me out because I am on a temp visa in the USA. This means I have to pay taxes here and therefore need to report my Dutch bank accounts with the IRS. They told me the US penalties for not reporting 100 % correctly on my money with them were so outrageous that they preferred to boot me.

Yeah, the special rules for U.S. persons are a result of U.S. forcing banks doing any business in U.S. to apply special rules to U.S. persons. https://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance...

It might not be the only country, but such taxation practice is definitely not the norm.

Unfortunately, there's little chance of normalizing the laws with international custom, since I can already see the attack ads about tax breaks for the wealthy.

Estonia is the only other country which taxes citizens on foreign-earned income.

To wit, non-profit doesn't mean "doesn't take in money." IIRC, it means that the organization doesn't distribute surplus income (profit) to shareholders.

So, a non-profit that took monies from EU citizens I think would still possibly be affected, unless there's EU laws that make non-profits a different class of business subject do different laws.

Note that I said "de facto", not "de jure". Nobody would bother suing a non profit that doesn't have EU offices unless you were very large and/or very prominent and/or doing something really nefarious about the data you have. And even then, suing an US company with no EU standing in front of an EU court from an EU citizen complaint is far from easy.

The same reason that if, say, Texas introduce a law that says everyone commenting on a texan website needs to be polite and I post a comment with some name calling, suing me as someone not from Texas nor the US would not be very doable, even though I technically infringe on that law.

Actually, the fundamental rule of data protection legislation is that an organisation can store data on its subscribers and can not except in limited legally prescribed instances (e.g. lawful intercept, insurance fraud) share it with another organisation.

The issue at the core of the Schrems case is that Facebook for example is not bound to respect this, or any other fundaments of EU data protection law.

However, if you register with a website that is clearly and overtly outside your data protection jurisdiction then it is "you" who is freely providing that data. Just as you might give personal information over a transatlantic phone call.

The EU has no jurisdiction where the company is not in the EU, and cannot prevent an individual from sending their private information outside the jurisdiction if they want to.

But various of these multinationals such as Facebook are in the EU for various operational reasons and as such the EU does have jurisdiction over them.

Perhaps more relevant to the data retention laws, would be a site sharing passport numbers, names and addresses of EU citizens, perhaps collected at stays at motels/hotels across the US? The site might host them for free - but keeping/sharing that data without consent wouldn't be allowed under EU law. The particular example would probably also be illegal according one or more US laws (state or federal) -- but I think it is still more interesting than the rather silly things people get hung up on?

Even the current directive likely doesn't require satisfying all nations separately; since the various schemes are supposed to be compatible (i.e. conceptually safe harbor, though it's not called that, does apply within the EU), if a business hosted its data in one country and served others from there, they'd likely be safe.

There might be some bureaucracy to ensure that you really count as being hosted there (e.g. possibly ensuring that the parent company cannot access said data - which would be problematic for some companies), but AFAIK (IANAL) there's no legal distinction between EU and non-EU companies in this kind of rule.