While the CLOUD Act exists, and in general while the US refuses to recognize privacy rights of foreigners and grant them sane due-process protections, it seems logically impossible to comply with US and EU legislation at the same time (the European Commission’s repeated but non-binding pronouncements to the contrary notwithstanding). That US companies aren’t exactly in a hurry to try looks to mostly be a distraction.

US companies literally cannot abide by EU laws, because they are subject to US laws, which conflict with EU laws. This is what all these European judgements are disagreeing with.

The companies are not at fault here. The governments are at fault for dropping the ball on coming to an agreement. We’re on like the 5th round of this. Compliance is impossible.

Until the two governments fix this, US companies cannot operate in the EU without being at risk for pilfering from EU government.

In fact were talking about a Dutch company, Uber BV. If it can't abide by EU law then it shouldn't exist!

And does US law really prevent them from handling EU customer data in a compliant way? Could you give a specific example?

You could argue that the CLOUD act is in direct conflict with European data laws.

https://en.wikipedia.org/wiki/CLOUD_Act

However, it does not prevent data at rest being stored in the EU. Only that if requested the american company has to exfiltrate it to the states.

Thanks, it seems like indeed the US government could request that an EU subsidiary of a US entity provide data on an EU subject. This request could be lawful under US law but not EU and hence you'd have a conflict.

https://www.edps.europa.eu/sites/default/files/publication/1...

The action by Uber was complettly avoidable.

Couldn't they have kept the data stored in the EU? What US law prevents that?