With more than a hundred million subscribers in the USA, T-Mobile USA — the largest subsidiary of the German company Deutsche Telekom — collects more personal information about more people in the USA than any other U.S. subsidiary of a parent corporation based in the European Union. T-Mobile USA is thus the single most important test of the applicability to EU-based companies’ U.S. subsidiaries of European data protection rules and the privacy and data protection promises made by European multinational companies on behalf of their worldwide subsidiaries.
This matters because European laws and the stated policies of European companies like Deutsche Telekom typically claim to provide much better privacy protection than U.S. laws. People in the U.S. like me who care about privacy often chose to give our business to European companies, which often operate in the U.S. through subsidiary corporations they control, in order to obtain greater protection for our personal information than if we dealt with U.S.-based companies. But do these European companies practice what they preach?