Twitter has announced that, effective next month, its Dublin-based entity will take over all services for non-US users. Accordingly, all non-US user data will be moved to servers in Ireland and governed by Irish privacy and data protection laws. By making this move, Twitter is taking the lead from other major tech companies that have also recently offshored their non-US user data to Ireland.
The move has two main consequences: First, Twitter’s non-US user data may now be beyond the reach of NSA surveillance programs. And second, Ireland’s Data Protection Commissioner (one of the European privacy regulators with a balanced approach to compliance and enforcement), will assume responsibility for overseeing Twitter’s handling of information for approximately 300 million users.
Whether Twitter’s move of non-US data to Ireland will shield it from US government warrants is an issue that may be decided this summer in a New York appellate court. Microsoft Corporation has challenged a warrant for its user data stored in Ireland, arguing that the Stored Communications Act doesn’t apply to private data on foreign servers. The government asserts that the foreign data targeted by the warrant is fair game because, even though it is stored abroad, Microsoft has control over the data and is based in the United States.