US beats Australia in data-protection laws: Microsoft

US beats Australia in data-protection laws: Microsoft

Summary: US laws do more to protect locally hosted data than Australian laws, and data sovereignty is an imaginary issue getting in the way of cloud adoption, according to Microsoft technical evangelist Rocky Heckman.


Data-protection laws are better in the US than in Australia, and concerns around data sovereignty in the cloud are unwarranted, according to Microsoft technical evangelist Rocky Heckman.

He was speaking at Microsoft's TechEd conference in the Gold Coast, Sydney.

Data sovereignty is still a big hurdle for public cloud adoption by businesses and governments. Many Australian organisations still prefer to host their data locally so that they don't fall under the seemingly invasive data jurisdictions of other countries, with the US Patriot Act being the prime example.

Heckman said that Microsoft receives a lot of questions in Australia about data sovereignty and how that plays into the vendor's Azure public cloud service.

"People think, and governments have been accused of mis-assuming this, that there is a law that says you cannot host data outside of Australian territorial boundaries," he said. "There isn't one — that law does not exist."

Organisations that fear the wrath of the Patriot Act, which they assume will give the US government unbridled access to data stored in the US, are very misguided, according to Heckman.

He used a whitepaper released by Hogan Lovells (PDF), which highlights data-protection laws in different countries around the globe, to make his point.

"If a cloud provider is based in Australia, it does not have to notify you if they voluntarily give your information to a legal organisation such as the Australian Federal Police," Heckman said. "The provider doesn't even have to tell you it did that, and they can volunteer that information if they suspect you may be naughty — the US doesn't even let you do that."

In the US, the government has to obtain a court order to access such data. The Patriot Act only helps to speed up the legal process if the purpose of the data is for anti-terrorism activities, according to Heckman.

"When you do a straight-across comparison, in actuality the US has better data-protection laws than Australia when it comes to the privacy of data," he said. "To be honest, if it was a terrorist situation, the Australian government would cough up your data long before the US Patriot Act comes into it."

Heckman believes that data sovereignty, when it comes to cloud computing is therefore a non-existent problem.

"This whole thing about data sovereignty is largely perception," he said. "We need to get over the perception we have a data-sovereignty problem."

Topics: Cloud, Government, Government AU, Government US, Microsoft, Australia

Spandas Lui

About Spandas Lui

Spandas forayed into tech journalism in 2009 as a fresh university graduate spurring her passion for all things tech. Based in Australia, Spandas covers enterprise and business IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Good site

    hi is really a very informative site..
    Linda Mistry
  • Tectonic Plate Movement

    "He was speaking at Microsoft's TechEd conference in the Gold Coast, Sydney."

    Wow! The "Gold Coast" is now in Sydney!
  • Data sovereignty is not imaginary!

    Sorry Rocky, data sovereignty is very real. It's dead simple - if you choose to store your data in some other nation you need to understand that that nation's law will be supreme.

    Regards privacy - its one thing for your own government to possibly mismanage your privacy interests but to to accept that some other nation's government can do so is too much. Try writing to their governing representatives and see what response you get. You could maybe try making your concerns felt at their next election ;-)
  • Got it in One

    After reviewing the article and recently others about Salesforce and Rackspace. I have drawn to the following conclusions -

    - we manage your data outside Australia

    - we will undertake to manage it in accordance with law if required to do so

    - we may be required by law to reveal your data to others because we are a US company and your data is stored here (or directly under our control)

    - trust us

    - don't worry about the Patriot Act because that only applies to terrorists or those financing them. Or, maybe, to those who could be terrorists and there is a need to check them out. And their friends.

    In other words most of the words around this subject are just waffle. If you really want your data to be managed in accordance with the laws of the jurisdiction in which you reside

    - store the data there and manage it yourself or use a local company / supplier. If you are less concerned, wish to use a US owned / based company then relax and consider the US Patriot Act sort of like force majeure - something that is beyond the control of both contracting parties.

    Which all amounts to the gunboat diplomacy of the 21st century.
    Paul Waite