Last week we told you about Microsoft's admission that, if compelled by the U.S. Patriot act, the company would hand over data stored outside the U.S. to U.S. authorities. The Patriot Act requires that U.S. companies comply with requests for information, even if that information is stored overseas, and companies may be required to provide that information to U.S. authorities without notifying customers that data was being accessed.
This week some further complication was added to the matter: Computer World reports that European Union officials believe the Patriot Act conflicts with the Data Protection Directive, which requires organizations to inform users when personal information is disclosed.
The issue was raised by a member of the European Parliment's civil liberties committee, Sophia In't Veld, and will need to be addressed by Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship.
According to ComputerWorld:
Microsoft can already transfer E.U. data to the U.S. under the Safe Harbor agreement. But legal experts have warned that this agreement is hardly worth the paper it's written on. There are seven principles of Safe Harbor, including reasonable data security, and clearly defined and effective enforcement. However all this is nullified if the Patriot Act is invoked.
Theo Bosboom, an IT lawyer with Dirkzager Lawyers told ComputerWorld: "Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution, offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."
Photo by Jeffrey Bell