Data-protection laws are better in the US than in Australia, and concerns around data sovereignty in the cloud are unwarranted, according to Microsoft technical evangelist Rocky Heckman.
He was speaking at Microsoft's TechEd conference in the Gold Coast, Sydney.
Data sovereignty is still a big hurdle for public cloud adoption by businesses and governments. Many Australian organisations still prefer to host their data locally so that they don't fall under the seemingly invasive data jurisdictions of other countries, with the US Patriot Act being the prime example.
Heckman said that Microsoft receives a lot of questions in Australia about data sovereignty and how that plays into the vendor's Azure public cloud service.
"People think, and governments have been accused of mis-assuming this, that there is a law that says you cannot host data outside of Australian territorial boundaries," he said. "There isn't one — that law does not exist."
Organisations that fear the wrath of the Patriot Act, which they assume will give the US government unbridled access to data stored in the US, are very misguided, according to Heckman.
He used a whitepaper released by Hogan Lovells (PDF), which highlights data-protection laws in different countries around the globe, to make his point.
"If a cloud provider is based in Australia, it does not have to notify you if they voluntarily give your information to a legal organisation such as the Australian Federal Police," Heckman said. "The provider doesn't even have to tell you it did that, and they can volunteer that information if they suspect you may be naughty — the US doesn't even let you do that."
In the US, the government has to obtain a court order to access such data. The Patriot Act only helps to speed up the legal process if the purpose of the data is for anti-terrorism activities, according to Heckman.
"When you do a straight-across comparison, in actuality the US has better data-protection laws than Australia when it comes to the privacy of data," he said. "To be honest, if it was a terrorist situation, the Australian government would cough up your data long before the US Patriot Act comes into it."
Heckman believes that data sovereignty, when it comes to cloud computing is therefore a non-existent problem.
"This whole thing about data sovereignty is largely perception," he said. "We need to get over the perception we have a data-sovereignty problem."