Europe might help here with getting around the privacy issues.
Organize your social media company so that all of the posts are made through, stored, retrieved, and controlled by a European company and all the processing/storage occurs in Europe.
GDPR would then apply to the European company. Yes, it would still apply even when the data is about someone who is not European. GPDR's extraterritorial rules are that it applies (1) to companies not in Europe that are offering products or services to people "in the Union" or tracking the actions of people in the Union that take place in the Union, and (2) to companies in the Union regardless of where they operate or where the data subjects are.
The CLOUD Act in the US would not apply, because the data would be controlled by a European company. The CLOUD Act applies to the case where a US company is storing data in a non-US location but still under its control, and allows the US to order that US company to retrieve the data.
It should be fine if the European company is partly or even completely owned by a US company, just as long as it is set up so that the European company controls the data. GDPR would still apply because of the European company, and the CLOUD Act would still not apply because the US company would not control the data.
Organize your social media company so that all of the posts are made through, stored, retrieved, and controlled by a European company and all the processing/storage occurs in Europe.
GDPR would then apply to the European company. Yes, it would still apply even when the data is about someone who is not European. GPDR's extraterritorial rules are that it applies (1) to companies not in Europe that are offering products or services to people "in the Union" or tracking the actions of people in the Union that take place in the Union, and (2) to companies in the Union regardless of where they operate or where the data subjects are.
The CLOUD Act in the US would not apply, because the data would be controlled by a European company. The CLOUD Act applies to the case where a US company is storing data in a non-US location but still under its control, and allows the US to order that US company to retrieve the data.
It should be fine if the European company is partly or even completely owned by a US company, just as long as it is set up so that the European company controls the data. GDPR would still apply because of the European company, and the CLOUD Act would still not apply because the US company would not control the data.