Last week, the EU became aware of a potential plan that the United States federal government was going to “seize” EU citizen’s private data from cloud service providers.
The accuasation came about after Microsoft ‘quietly’ let it slip that “cloud data stored on its European servers can still be handed over to American investigators”. This has sparked outrage throughout Europe as it conflicts with the European Data Protection Directive. The Directive states that it will protect the privacy of its citizens whilst demanding that its citizens are informed any time their data has been collected. The ‘USA PATRIOT Act of 2001’ (for which Microsoft comes under) authorises the gathering of “foreign intelligence infromation” from foreign nations, meaning that the U.S has access to anyone’s data. To makes matters worse, the Directive can do little to stop the U.S from secretly seizing cloud data in the name of the PATRIOT act.
So with the U.S being able to “seize” data from anyone, anywhere in the world, at any time, does this mean that US law outweighs EU law? Can the U.S. continue to obtain cloud data from any nation without considering the implications they might leave behind in the foreign nations?
In my opinion, we should take the European Data Protection Directive to the next level. The Directive was put in place to harmonise data laws within each EU country. This should be stepped up a gear and a global and unified law should be addressed across all countries so we won’t ever come to the conclusion that one nation’s law overrules another’s.
Cloud Computing: A Practical Introduction to the Legal Issues is a practical resource for those involved in buying or providing cloud services. It sets out practical steps to address legal issues both in the regulatory context and in the context of contracts between customer and suppliers. It also deals with issues which arise when the cloud service is used by regulated sectors, such as financial services.