As U.S. regulatory investigations become increasingly global, the EU data protection laws and the restrictions they impose present major challenges for companies that want to cooperate with authorities by transferring requested EU data to the United States.

Recent developments in both jurisdictions, such as the Google Spain Decision of the European Court of Justice,1 the opinion of the Advocate General Bot in the Schrems Case,2 and the Southern District of New York's Microsoft-Ireland decision3 intensify the inherent conflict between the strict EU data protection rules and the extraterritorial reach of U.S. investigations. Also, by the end of 2015, a new General Data Protection Regulation (GDPR) is expected to change the EU data protection landscape and, in many cases, result in even more stringent laws while imposing heftier penalties for non-compliance.

Thus, it is crucial for companies to understand the data protection laws and the options for cooperating with authorities while also complying with the applicable laws.