Much of the unspoken motivation for this change undoubtedly comes from the facts that:
- Ireland does not tax non-Irish income, so all the money Twitter International makes in the EU will be completely tax-free
- Ireland has among the relaxed data privacy laws in Europe, and therefore the least restrictions on how companies monetize data through advertising (Facebook has moved operations to Ireland for similar reasons)
- Moving to Ireland gives Twitter direct access to the other 27 countries in the European Union.
However, the aspect that has gained the most attention is that is the claim (not made by Twitter itself) that moving non-US citizens’ data outside of US jurisdiction will protect customers from NSA-style surveillance. This claim is, however, false.
Leaving aside the not inconsiderable detail that the NSA clearly does whatever it likes regardless of any legal niceties, according to both the USA Patriot Act and FISA, US companies are required by US law to hand over information on their servers to US intelligence agencies, even if that information resides on servers outside the US.
Given that US citizens’ data held on US soil does receive at least some legal protections (ignored those these often are), and that the US has explicitly granted itself the mandate to spy on any and all foreign nationals, Twitter’s move makes non-US citizen’s data more not less subject to US government surveillance.
This very issue, in fact, is at the center of a major row between Microsoft and the US government over Microsoft’s continued refusal to comply with a US court ruling demanding that it hand over information associated with an individual’s email account, including their name, credit card details and the contents of all messages, even though this data belongs to a non-US citizen and is stored on servers in Ireland.
‘Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.’
So goes the opening salvo in Microsoft’s legal brief with the US Second Circuit Court of Appeals in its ongoing case challenging this warrant – a test case that tech companies (and cloud storage companies in particular) are watching with avid interest, as the result is likely to have major implications on US companies’ ability to do business abroad. In the meantime, Twitter’s move to Ireland is more of a smokescreen for tax evasion than any real attempt to protect users’ data.
As for what data can be collected, although Tweets are very public, Twitter allows anonymous sign-up (unlike Facebook, which although it now permits pseudonyms under limited circumstances, requires that these are linked to verified read-world identities) but maintains account information (including IP addresses other information that can be used to track users)that could be useful to US law enforcement and surveillance agencies. In addition to this, the ability to send private Direct Messages (DM’s) and to restrict the audience to approved followers means that not all messages sent by Twitter are public.