Why did Twitter and Dropbox relocate their non-US user accounts to Ireland? Is it because of Data Protection Law, PR or money?

First it was Twitter. An update in its privacy policy revealed that it was relocating its non-US accounts to Ireland. Then Dropbox’s updated terms of services revealed they were doing something similar.

twitterdropbox_dublin Why did Twitter and Dropbox relocate their non-US user accounts to Ireland?  Is it because of Data Protection Law, PR or money?

Twitter & Dropbox Relocate to Dublin

So why are these US companies incorporating in Ireland? Twitter stated it was expanding operations to better support their global users. Dropbox gave a similar reason.

Questions and speculation began online regardless. Most online comments seemed to attribute the move to three factors; money, data privacy and….more money.

Let’s take a look at each one:

Money

A favourable tax rate is one potential reason. The average effective tax rate for corporates in the US is 27.1% compared to Ireland’s 12.3%. This could certainly be a factor for both relocations but given both entities already had operations in Ireland, and no doubt structured their groups so as to exploit the tax rates as effectively as possible, it seems as though this could be something of a red herring for both Twitter and Dropbox’s reasons for relocating.

Data protection/privacy

Up to this point both companies have been US incorporated and, as mentioned above, they’ve both had Irish operations. As US corporations, they are subject to the US Patriot Act, a serious bone of contention for privacy advocates and businesses, which critics accuse of enabling the mass surveillance of the public. Edward Snowden specifically called out Dropbox as a tool to avoid if you care in any way about protecting your data in a 2014 interview.

To date one way US companies have attempted to address customers’ concerns has been to move servers outside of the US to Europe however that doesn’t address the issue as they remain US companies and therefore still subject to the Act. Some companies went further and moved the servers to a non-US group entity however this hasn’t stopped the US government from trying to get its hands on a non-US user’s data held by a server belonging to an Irish registered group company as seen in the Microsoft case.

Incorporation by a company in Ireland makes it subject to the EU’s Data Protection Directive. The EU’s new data protection proposals make it harder for US companies to take data on EU citizens outside of Europe. This has caused some upheaval in US tech companies and has seen Apple recently announcing plans to spend €1.7 billion building data centres in Ireland and Denmark as a pre-emptive move to deal with the rules. As recently as March 2015 Dropbox denied these proposals would have any effect on its operations. Perhaps it thought again. Perhaps in response to the growing glare it found itself under Dropbox wanted to put their users’ data out of reach of the NSA. Perhaps that’s the reason for the incorporation in Ireland. However one look at the company’s board of directors and the likelihood of this being the reason is unlikely. Condoleezza Rice may no longer be part of the US administration but given her history she is unlikely to support an evasion of the Act. Perhaps the move is more about optics than protection of customers’ data. Perhaps the fact that Dropbox announced the relocation via its terms of service rather than its privacy policy tells us all we need to know.

More money

Twitter’s announced the relocation to its users via its privacy policy. To date, Twitter has lagged behind Facebook in its ability to generate advertising revenue. It may have been looking at ways to change this and found the EU’s Data Protection Directive was going to hamper this strategy. Making it harder for Twitter to take data on EU citizens outside of Europe would limit its advertising revenue potential as over 60% of its users are located in the EU. By relocating to Ireland, Twitter may in fact, be in a position to sell its EU customer data more easily.

In summary

It would appear that Dropbox moved for PR and Twitter moved for more money. So it would seem that as a Twitter user you should expect your data to be sold and as a Dropbox user you could still be subject to the almighty Patriot Act regardless of these companies’ locations. The only way to protect your data in the latter’s case is to encrypt documents before storing them on such platforms. It’s important to note here that by encrypting the documents is not to say that you won’t be subject to the Patriot Act it just means that the US Government needs to get the required data directly from you rather than via a backdoor.

Jumble is a new email security product that provides an easy to use and secure end-to-end email encryption solution that protects the business’s information while also saving them time and money.  As a SaaS product, it works across a range of devices and platforms providing maximum flexibility to the email sender and receiver.  To sign up for a 30-day free trial please click HERE or visit www.jumble.io for more information.  Jumble is an Irish registered company.

Leave a Reply

Your email address will not be published. Required fields are marked *