We currently run a free VPN service, and are looking to launch a paid premium service that is structured in a way that would legally protect the privacy of our users.
first question -
If a US company is the owner and day-to-day operator of a company registered in an offshore jurisdiction with better privacy laws, do the US laws apply or can they be enforced on the subsidiary?
For example, if the offshore jurisdiction does not have any data retention or data sharing laws, can the US require this information from that company just because it is operated by a US company?
Second,
what is the current ideal jurisdiction to start a company in, in order to avoid being subjected to data retention, sharing and other US anti privacy laws, etc?
And last:
Are there any other issues, topics or procedures to consider regarding this matter?
first question -
If a US company is the owner and day-to-day operator of a company registered in an offshore jurisdiction with better privacy laws, do the US laws apply or can they be enforced on the subsidiary?
For example, if the offshore jurisdiction does not have any data retention or data sharing laws, can the US require this information from that company just because it is operated by a US company?
Second,
what is the current ideal jurisdiction to start a company in, in order to avoid being subjected to data retention, sharing and other US anti privacy laws, etc?
And last:
Are there any other issues, topics or procedures to consider regarding this matter?
