Perhaps it's a silly question. . .
. . . .but how do EU Laws bind the United States ?
The deal governing transatlantic data flows doesn't properly protect European Union citizens and should be suspended unless the United States complies with its terms, MEPs have said. The Privacy Shield agreement, which aims to protect personal data transferred from the EU to the US, was set up after a legal challenge by …
They don't.
Inter-country agreements agree things like this though. The US made commitments to safeguard the data of EU citizens in return for EU companies being allowed to export data to those US companies.
These commitments are being broken, so the privilege they were granted is being revoked.
"in return for EU companies being allowed to export data to those US companies"
How much of this data leakage is company-to-company and how much is it individual EU citizens signing up for a US service? You sign up on a US server, read the EULA (several dozen pages wherein the jurisdiction of US law and playing fast and loose with personal data are mentioned). Who made the decision to export your personal data in these cases?
"You sign up on a US server, read the EULA (several dozen pages wherein the jurisdiction of US law and playing fast and loose with personal data are mentioned)."
EULAs have a habit of not being enforcible due to clashes with consumer law. Now they have GDPR to contend with as well. Conditions of service based on playing fast and loose with personal data will be hit hard with this.
but how do EU Laws bind the United States ?
You want to operate here, you have to follow those laws.
This pretty much confirms what I have been saying from before Max Schrems "broke" Safe Harbour with Facebook vs Europe - a political fix is simply not enough.
"...a political fix is simply not enough."
The U.S. has been a very important market for E.U. goods and the reason why so much time has been spent on trying to find a political solution, and kowtowing to the U.S. in general through various lop-sided agreements, was to preserve that market. However, the recent introduction by the U.S. of import tariffs on E.U. goods could have an effect here, as it makes the U.S. a less valuable and desirable market.
If the U.S. pushes too hard on agreements that favour only itself it may find that other countries will conclude it's just easier to forge new alliances and develop new markets on a more equitable basis.
No single country in the world is as powerful and important as the U.S. seems to believe it is.
But EU is also a very important market for US services. The Trump administration looks to be unable to understand that not only a lot of US goods may arrive in Europe directly from China but profits go to US companies (Apple...), but it also sells a lot of services which pumps a lot of EU money into US company (even if they keep them offshore as long as US taxes are not favourable - but that was a US issues, not an EU one).
These services are usually based on people's data - and I would be very careful to avoid to kill such kind of market...
When the Unites States want to access data stored outside their jurisdiction and under EU one...
While I understand the need to find agreements to speed up investigations since digital data can be moved so quickly and easily, the CLOUD Act is an arrogant one-sided decision, and any US company forced to obey it could also break EU laws.
"but how do EU Laws bind the United States ?"
US companies and the US government have to obey EU laws if they want access to EU markets and EU data. Simples.
The EU is after all a larger market with a larger population and a greater GDP, so it's not surprising that the US often has to do what it's told.
Lets not forget the third demon in this devilish pact ... Palantir Peter Thiel... Or shall we accept the word of professional liars, that it was just a few rogue Palantir employees helping CA out?!!! Lets face the wider truth here: Its time for EU data to stay on Servers hosted in Europe... i.e. No transfer!
No transfer, and no servers owned by US companies or their subsidiaries, because the CLOUD Act means that the US sees the data on non-US servers as being held on US servers, if the company owning the servers (or subsidiary) has a presence in the US.
No transfer, and no servers owned by US companies or their subsidiaries, because the CLOUD Act means that the US sees the data on non-US servers as being held on US servers, if the company owning the servers (or subsidiary) has a presence in the US.
You sound almost as if you were saying this in Russian. Funny, we laughed at them and said that they will "break the internet" for their citizens and "deprive their people of valuable services" when they did EXACTLY THAT two years ago.
I have been saying this for a decade now - it is advisable to follow their legal pipeline and their regs. Because what happens there will be repeated here in 2-3 years time.
"You have to give your trade partners time to comply."
How much time do they need?
As the article says, it was set up, reviewed after a year and some matters were found to need attention and, months later, still outstanding. Then the CLOUD act has made matters worse. They're not going to comply, at least not under more duress than just continuing threats to shut it down without doing so.
AFAICS the only effective pressure will be to shut down and put the ball in the US's court if they want it restarted.
"How much time do they need?"
Apparently a LONG time... http://www.tronc.com/gdpr/baltimoresun.com/
People don't seem to understand that Trump is following the Bannon/Putin agenda for deconstructing the world. He's killing trade ties with allies that have done reasonable well since WW2. He's strengthening ties with authoritarian regimes like Russia, China, North Korea potentially. He is hoping and fully expects to establish a ruling dynasty in the US with him as the progenitor of that dynasty. If you think I'm crazy read this...
https://www.salon.com/2017/09/12/harvard-psychiatrist-lance-dodes-donald-trump-is-a-sociopath-and-a-very-sick-individual/
"demand from all US companies to only store private data in EU-owned datacenters."
The CLOUD act makes it necessary to go a step further. There needs to be something like an EU-owned trustee such as the Microsoft/Deutsche Telekom arrangement or a franchise arrangement so the data, as opposed to the datacentre, is out of US control.