The issue has come to the fore thanks to the "2012 National Trade Estimate Report on Foreign Trade Barriers (NTE)" report. Part of the report focuses on "barriers" to trade complaints that U.S. companies have "voiced concerns" that the Australian government is "sending negative messages about cloud computing services to potential Australian customers in both the public and private sectors, implying that hosting data overseas, including in the United States, by definition entails greater risk and unduly exposes consumers to their data being scrutinized by foreign governments."
The report goes on to claim this isn't the case, but even Microsoft has said that it cannot provide guarantees against data being handed over to U.S. authorities.
Furthermore, the report complains that the Australian Parliament is considering draft legislation that prohibits "the overseas storage of any Australian electronic health records."
Australians aren't unique in worrying about the Patriot Act. The members of the European Union (EU) are also concerned and are trying to pass legislation that would override the current EU/U.S. Safe Harbor provisions. The possible remedies considered by the EU could result in major fines for companies in breach of the directive.
Organizations outside the United States are understandably concerned about hosting their data in the U.S, and thus may not do as much business with U.S.-based companies. If the new European Data Protection Directive goes forward it might ease concerns. But it could mean stringent penalties for U.S.-based companies if they do comply with requests from law enforcement. And it could mean legal unpleasantness if they don't comply with requests from U.S. law enforcement.
To put it another way, the tension between U.S. laws and interests overseas puts U.S. companies between a rock and a hard place.
None of this is helped by whining U.S. trade representatives complaining about "trade barriers" that are nothing more than prudent reactions to overreaching U.S. laws. What's called for is a second look at U.S. law - and a repeal of the parts (if not all) of the Patriot Act that give foreign organizations (and U.S. citizens, for that matter) cause for concern.
The other alternative is to cede business to companies outside the U.S.
The flip side of all of this, of course, is a business opportunity for companies based outside the U.S. and for companies that provide "bring your own storage," options like ownCloud or client-side encryption offerings like SpiderOak Blue.
The real barrier to trade here is not from outside, it's one the U.S. government has erected and that U.S.-based companies are likely to pay the price for.
Image courtesy of Shutterstock.