
Europe continues to wrestle with the long arm of American law - laurex
https://www.european-views.com/2019/09/europe-continues-to-wrestle-with-the-long-arm-of-american-law/
======
danielfoster
This article jumps from the CLOUD Act to the extradition of Dimitry Firtash to
something about the US financial system to Iran... I see each point but this
piece feels more like rambling than a comprehensive examination of any
particular issue.

It's very confusing that the article intertwines domestic issues (the CLOUD
act) with unrelated foreign policy issues.

I'm sure there are much better articles on this topic somewhere.

~~~
gmueckl
I see the contrary. The US has started to try to enact its laws outside its
boundaries in ways that run counter to international conventions. This is
maybe not a strategy, but at least a general trend. The article tries to make
that obvious by listing examples that underscore how broad that trend is. You
have to look elsewhere for the juicy details. There's a lot to be discovered.

~~~
agapon
Among those examples, it's interesting that Ukraine would gladly either
prosecute or extradite Firtash -- a citizen of Ukraine, but Austria does not
let either to happen. And I think that it speaks heaps of Austria and its
business and political elite's connections to Russia.

------
RcouF1uZ4gsC
> Washington cannot have a veto over European legislation or foreign policy
> initiatives

In regards to foreign policy, Europe will really have to invest in its
military capabilities if they want more independence from the US. The fact
that Europe was not able to effectively intervene in either Bosnia or Libya
without US assistance when they are literally in the EU’s back yard means that
the EU foreign policy will play second fiddle to US foreign policy.

~~~
jnurmine
To understand the situation of today it is helpful to understand the past; the
European efforts to build up a common pan-European defence infrastructure has
been traditionally continuously torpedoed by Great Britain and this has taken
place over a long period of time.

There are of course reasons for this, and obviously Great Britain is acting in
their self-interest (they don't want a "shadow NATO" and they don't want to
diminish in importance in USAs eyes, UKUSA/FVEY etc.), but Great Britain's
interests are not really in the interests of Europe as a whole.

Now that Brexit seems to be happening, one way or another, expect to see a lot
of European Union movement in the defence area. Also, time will tell if the
e.g. UK Joint Expeditionary Force will stay in existence and enhance the new
pan-European defence mechanisms with, among other things, British nuclear
weapons, or not.

Furthermore, it is very naïve to assume that Europe is not already doing full-
on preparations for the military implications of Brexit as well as the everso
more likely dismantling of NATO. Mr. Trump has been signalling the latter for
a long time, and even though much of his output seems to be a clumsy way to
lure EU into doing more military business with the USA, the fact is that the
White House and particularily the President of the USA is acting more and more
erratic every day, so basically anything could happen (and probably will!).

Having a strategical autonomy and owning a substantial defence ability and
capability is an existential issue for Europe, given its geographical
location, as well as the increasingly hostile political rhetoric and gray zone
actions of its neighbours, as well as the continuously erratic behaviour of
its number one ally.

~~~
osullivj
All good points. However, it's important to remember that France remains at
the core of the EU, and has her own nuclear weapons (force de frappe) and
large military. There was always a tension between UK participation with EU
diplomatic/military initiatives, and UK alignment with the Anglophone world
for military and intelligence cooperation: US leadership and fives eyes
intelligence cooperation with US, Canada, Australia & NZ. The US/UK "special
relationship" is a cliche much favoured by British politicians, but it does
have real substance in the close military and intelligence cooperation. Of the
world's five official nuclear weapons states, only one of them buys rather
than builds - the UK buys the Trident missile system from the US. The warheads
are of course UK manufactured with plutonium from our nuclear power stations.
The UK was the first country to build nuclear power stations in the 50s.
Propoganda at the time was all about clean cheap electricity. But their
ultimate purpose was to generate plutonium for weapons.

------
InTheArena
Not a very well reasoned article. I think you can make a general argument
about the role of US power, but in terms of legal structure, there is no
question that GDPR - at the moment - is by far the most invasive on laws that
apply to other countries, without respecting sovereignty. Similarly cases
requiring other countries to censor peach - although as this article notes,
this was brought back down to earth.

------
rebuilder
I Don't see what the conflict between the CLOUD act and GDPR, as described in
the article is. GDPR requires companies to get consent before storing data,
the CLOUD act enables US authorities to demand access to data even if it is
stored on servers outside the USA.

~~~
pjc50
> The CLOUD act enables US authorities to demand access to data even if it is
> stored on servers outside the USA.

That's the conflict. The GDPR imposes conditions on transferring that data to
the USA. See [https://gdpr-info.eu/art-44-gdpr/](https://gdpr-
info.eu/art-44-gdpr/) and following sections especially [https://gdpr-
info.eu/art-49-gdpr/](https://gdpr-info.eu/art-49-gdpr/)

If the data is not adequately protected - if it is fed into unaccountable law
enforcement databases - then the transfer may not be lawful.

~~~
big_chungus
> the transfer may not be lawful

Lawful under whose law? It's legally required by CLOUD act, so mandatory under
American law. This is the long arm of Europe just as much as America.

You could have a company based and hosted in Belize that stores data about a
European who committed a crime in America. America can demand that data under
her law; Europe can demand it deleted under hers. Who is right?

This is the making of both entities, not just America, unless there is some
legal reason that the European law ought to take precedent. It's pretty clear
what to do if you're incorporated in Europe or America; you follow the law of
your base of operations. For multinationals or corporations alien to both,
however, there's a dilemma.

In other words, your moral favor towards GDPR doesn't make it more legally
important than CLOUD, nor vice-versa. Both are just as significant for an
alien company or for a multinational.

~~~
gmueckl
Ever since the Peace of Westphalia, the international law is that each country
sets its own laws for its own territory. Country A cannot enact a law that is
effect on the territory of country B. So if the data is physically stored in
the EU, it is naturally subject to the GDPR and no law outside the EU can do a
damn about that. The CLOUD act, on the other hand, breaks that principle: it
tries to compel actors outside the territory of the US to comply with US law.

~~~
rebuilder
Is it that clear-cut? The "actors" would be companies with a business presence
in the USA. It's the data that is stored outside the country.

I suppose the closest equivalent would be financial assets, e.g. funds held in
bank accounts. Can a court in the USA order a US company, or one doing
business in the USA, to hand over assets held in a foreign bank account?

~~~
gmueckl
Your question is missing an imprtant stipulation: "when it is illegal for the
bank to execute that order under the laws of the country in which the bank
account resides." In this case, compliance with the court order is simply
impossible. No ifs, no buts.

~~~
tzs
The bank wouldn't be the one executing the order. In a situation analogous to
a CLOUD Act situation, the account holder would be ordered to withdraw the
money from his foreign account and turn it over. To the foreign bank, it is no
different than any other customer withdrawing money from their account.

~~~
gmueckl
No, the client gives the order and the bank executes it. If the order is
unlawful for the bank, they cannot execute it.

------
parsimo2010
I don't see how this is confusing to people. EU and USA laws don't apply to
the data- you can't put data in jail and you can't fine data. The laws apply
to the people that control the data. It's not about whether or not the data is
stored in a particular locality, it's whether or not there is a person within
your jurisdiction that has access to/control of the data (if a server is
located in your jurisdiction that implies that a person is around to shut the
server down). The big issue is that we underestimate the exposure we have to
other countries, especially if you sell a service or ads to foreign entities.

The large scale of big websites means that they have people working in
multiple countries, so they are subject to multiple sets of laws. I don't
really think any American lawyer is arguing in a courtroom in the EU that
American laws apply in Europe. But they might be telling a company HQ in the
EU to follow American laws or they will shut down their American servers, bank
transactions, employees, and supporting contractors/software- all of which
_are_ subject to American laws. And if a European citizen travels to the USA,
breaks the law, and then travels back to Europe, then an extradition request
is valid, and the EU is going to have a tough time if they deny it.

The EU won't comply with an extradition request from the USA if the law wasn't
broken in the USA. However, I think we often underestimate the amount of
exposure that these multi-national companies really have. A company in the EU
can't flaunt American laws and tell their American employees to break American
laws.

So when we find situations where it is literally impossible to comply with
both the GDPR and CLOUD act these multi-national companies are going to have
to separate themselves. Facebook-EU and Facebook-USA are going to have to have
a big wall between them, and there can be an API that lets Facebook-EU users
see the profiles of Facebook-USA users, but they will have to be separate
entities to comply with each set of laws, and so that American lawyers can't
pressure Facebook-EU to comply with something by threatening the American
version.

------
imgabe
Meanwhile here in the US I have to acknowledge that websites use cookies
500,000 times a day. Thanks, Europe.

~~~
janc_
That has nothing (or not much) to do with Europe, but everything with the
website owners/makers.

~~~
briandear
Those website owners put those cookie notices up just for fun?

~~~
brnt
Because they want your data. If they didn't, no need to give the user any
options.

~~~
Permit
Before this law websites collected my data. After this law, websites collect
my data AND I am harassed with notices.

If the intent of this law was to stop websites from collecting user data then
it appears to me it has completely failed while also introducing more friction
for users.

~~~
lm28469
Damned if you do, damned if you don't. Talk about HN doublethink/doublespeak
on privacy.

Not EU's fault if websites developers can't figure out how not to display EU
mandatory popups in the US (pro tip: it's not that difficult). On my side of
the pond these popups are actually useful.

~~~
strken
How is it "not that difficult"? Can you go into detail?

What are the consequences of failing to serve a popup to e.g. a European who's
using a VPN, or who has a slightly unusual IP address for which geolocation
doesn't work properly, or to someone with a non-European account who is in
Europe on a visa?

~~~
lm28469
We're talking about the 0.0001% here, and frankly it doesn't matter. The EU
has a fundamentally more sane judicial system than the US, no one will be
prosecuted because they didn't serve a pop up to a single EU user who were
using a VPN. What matters is that companies are legally obligated to treat
personal data as best as they can and if it's proven that they willingly
messed up or that they made stupid technical decisions (ie leaving an ES
instance open without any password or network protection level of stupidity)
they will be held accountable. It's not perfect but it's much better than
nothing.

------
hartator
> Europe continues to wrestle with the long arm of American law

In the case of the right to be forgotten, isn’t that the reverse? Europe
trying to make Americans not to talk about past crimes of EU citizens?

~~~
CrazyStat
Europe claims that the GDPR applies to data stored outside Europe, USA claims
that their search warrants apply to data stored outside the USA. Seems pretty
symmetrical to me.

~~~
missjellyfish
No, these are apples and oranges. GDPR regulates what obligations a site
collecting data of european users has (for example, acquiring consent). This
imposed regulations on a direct, contractual relationship (whether the
contract is implicit doesn’t matter here). Every party involved then has
rights to sue if the agreed contract is violated. A US company providing
service to US customers has no obligation from GDPR (but have fun making that
distinction in practice)

US search warrants on the other hand basically circumvent local law. I, as an
Austrian Citizen, have no way to protect myself against such warrants if I
decide to put my data in, let’s say, office365, even if the physical location
of my data is within Europe and the actual operation of the Servers is handled
by a different, European company.

In my opinion, this is nuts. The US should have to go through the same
channels for foreign police assistance as everybody else.

~~~
throwaway744678
How would the US enforce anything against a EU company hosting data in the EU?

~~~
fortytw2
Likewise, I think it's somewhat silly to think that the EU will actually
manage to do anything, or even successfully fine a US company with no presence
abroad that just so happens to have customers in the EU, for GDPR violations.

What are they even legally able to do if you, as a US company, simply refuse
whatever the EU asks.

Absolutely nothing is my (IANAL) bet. If you're not physically in the EU, I
have a very hard time believing any US court would allow you be... extradited?
Or even enforce fines from a foreign government.

Then again, maybe I'm totally wrong and am just confused about how EU law can
regulate those not under their jurisdiction.

~~~
janc_
They could always block you from doing business with your customers (or
suppliers) in the EU.

Obviously it would be much easier to enforce against companies that do have
some presence in the EU.

------
briandear
My problem is with the impacts of FATCA — a law that has dire outcomes for
Americans and “accidental” Americans (and their spouses) living abroad. These
data laws have limited material effects to someone’s daily life, but FATCA
affects everything from mortgage eligibility, retirement accounts and even
daily banking.

[https://etcanada.com/news/521610/hundreds-sue-french-bank-
bo...](https://etcanada.com/news/521610/hundreds-sue-french-bank-boursorama-
for-discrimination-and-possibly-a-brad-pitt-ad/)

~~~
timoth
It's even annoying for non-Americans living in other countries who have to
declare that they're not American and don't have any tax liabilities to the
USA.

------
HenryKissinger
Sooner or later, a global government with global enforcement powers will be
necessary if we want to tackle challenges of global magnitude, like digital
privacy, climate change, and artificial intelligence. As long as national
governments are free to do as they please, these situations will continue to
exist. Think an EU-like structure, but for the world.

~~~
throwaway744678
Thanks, but no thanks. I very much prefer the right of peoples to self-
determination.

Sovereign nations may then enter multilateral treaties (if they so wish) to
handle these matters.

~~~
tenebrisalietum
Devil's advocate: Do countries have the right to be dictatorships or fiefdoms
where few control most of the wealth?

~~~
throwaway744678
Sure, this is a good question. You'll note that few peoples actually choose to
live in a dictatorship. Moreover recent history has shown that external
countries (even with a UN mandate) throwing over dictators for the supposed
benefits of the people rarely ends well for everyone. There's undeniably a
conflict between the "right to interfere" and the sovereignty of nations. I am
afraid we won't solve it here in a few Internet posts!

