Dutch government to ban U.S. providers over Patriot Act concerns

Dutch government to ban U.S. providers over Patriot Act concerns

Summary: Though the Netherlands is 'experimenting' with Google Docs and Dropbox, it is ruling out U.S. cloud suppliers from Dutch government contracts, amid Patriot Act concerns.

SHARE:

The Dutch government is to "basically [...] exclude" U.S. cloud providers from government IT contracts amid concerns of the reach of the Patriot Act in Europe.

To prevent sensitive citizen data from being compromised by U.S. authorities, the move to bar U.S. companies from providing cloud-based services and data processing capabilities is only a temporary measure until the European Commission changes the data protection laws.

Discussed by the European Parliament's Privacy Platform earlier this month, the Patriot Act is being investigated by European authorities, after Gordon Frazer, managing director of Microsoft UK, exclusively told ZDNet that the Redmond-based company must comply with Patriot Act requests, and other companies with a U.S. presence must do also.

This contravenes European law, which states that organisations cannot pass on user data to a third-party outside the European zone without the users' permission.

In a written answer to a parliamentary question, Dutch minister Ivo Opstelten asserted that, in response to previous questions (Dutch): "This basically means that companies from the United States in such bids and contracts are excluded."

Opstelten admitted that while the Dutch government is "experimenting with Google Docs and Dropbox", though data is believed to be stored on Dutch territory, it is unknown whether they are managed by U.S. companies.

However, "taking into account the possible consequences of the application of foreign law", the minister said that steps would be taken to prevent U.S. cloud service providers or supplier would be "excluded" from contracts handling government or citizen data.

According to other reports, the government is considering a ban on Microsoft and Google provided cloud offerings, requiring policy to be put forward to determine certain requirements for awarding contracts.

Last month, an article published claimed that the power to search suspects with Patriot Act invoked 'delayed warrants' -- the ability to search without formally making warrants known to the subject, to prevent the loss of vital evidence -- were used in 1,618 drug-related cases, 122 cases for fraud, but only 15 cases relating to terrorism.

Related:

Also read:

Topics: Government US, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

41 comments
Log in or register to join the discussion
  • Great

    Now we will see the first challenge brought to the WTO against the Dutch government.
    Your Non Advocate
    • RE: Dutch government to ban U.S. providers over Patriot Act concerns

      @facebook@...

      I have to agree with the dutch on this one, we all should considering how much we should understand the right to privacy. To me, it is like our judicial system and the constitution: if there is reasonable doubt, then it is better that a guilty man go free than an innocent man be wrongfully imprisoned.

      Our government should not be able to sniff through our private stuff whenever they feel like it. PERIOD.
      brad1000
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @brad1000

        "I have to agree with the dutch on this one"

        Even when it contravenese provissons like GATT? We are a global economy of international trade. A nation is not entitled to shield nazi gold or hide bank accounts.
        Your Non Advocate
      • @GATT

        EU private information is not Nazi gold. EU Nations are under an OBLIGATION to hide bank accounts, as they are under an obligation to keep all private information secret. See EU Fundamental Rights, Privacy.
        guihombre
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @facebook@... Nothing to do with GATT, they are banning companies which do not comply with the law.

        It is ILLEGAL for them to transfer the personal information gathered in an EU country outside the EU borders.

        The companies are based in (or have offices in) the USA, which means they are behoven to the Patriot Act, which means they have to break the law in order to comply with the law.

        As long as these companies are behoven to the Patriot Act, they cannot do Cloud Business in the EU. Simple.

        This has nothing to do with GATT or WTO. This has to do with being a law abiding company. The companies offering cloud services *AND* having an office in the USA cannot abide by EU law, because the US Government forces them to break the law of the countries where they are doing business.

        On a secondary note, the "owner" of the data, in this case the Dutch Government, would be liable for the data breach (Microsoft / Google passing the data to the US Government unde the Patriot Act) and would face heavy fines and possible law suits for allowing personal data to leave the EU without the permission of the people affected - even though it wasn't them that moved the data outside the EU and gave it to a third party.

        This is purely a problem with the Patriot Act. Once the Patriot Act is paired back, so that it does not break international law - or force other entities to break the law - then Cloud Service provided by American based companies can compete in the EU market.

        Until then, moan to the DHS. Whilst I understand the paranoia that caused the Patriot Act to be drafted, it is overreaching its jurisdicatio, by asking companies to provide data to which they have right...
        wright_is
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @wright_is

        It's not so much that the *offices* are located in the U.S., but the *servers* are located in the U.S.

        Which, to me, just highlights the basic problem with "cloud" computing: you're at the mercy of wherever the servers storing the data are located.

        But having to comply with the US Patriot Act is *nothing*. Imagine if your data was stored in, say, China. They block their citizens from accessing particular sites outside of China (courtesy of Google & Cisco, among other companies), & their citizens have *no* expectation that their data is private. Would you really expect a company offering "cloud computing" solutions where the data is stored inside China's borders to be able to guarantee that the Chinese government won't access the data? Didn't think so.
        spdragoo@...
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @spdragoo... No, any company that has an office in the USA has to comply with the Patriot Act. Even if the data is held overseas, and even if it is breaking other laws, they have to import the data into the USA and hand it over to the US Government.
        wright_is
    • RE: Dutch government to ban U.S. providers over Patriot Act concerns

      @facebook@... More likely the US Government for riding roughshod over the rights of non-American citizens, who aren't even in the US!
      wright_is
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @wright_is A lot of bombastic jingoism packed in that sentence. The Dutch government is basically stating that they are above international trade laws and are willing to be a safe haven for criminals and tax dodgers. Not only is this a perfect opportunity for a WTO challenge, but for other well-established legal doctrines. The effect of the Dutch government's action may result in the tearing away of the paper-thin protection of Safe Harbor laws when they contravene internaional trade and criminal laws.
        Your Non Advocate
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @facebook... No. This has nothing to do with a safe haven. This has to do with protecting the constitutional rights of their citizens. If they allowed Google and Microsoft (and others) to break the law and hand over personal data to the US Government, without the individual's permission, they would open themselves to to prosecution and fines. I don't see this has anything to do with WTO.

        If a service provider cannot guarantee to comply with the law, they are not allowed to do business. When they can guarantee, that they will comply with the law, they can tender for contracts.
        wright_is
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @wright_is ... it could also be said that the US is above the law in forcing US based companies to break the law in countries where they operate.. I understand the concerns over security, but the Patriot Act or no law in a western democracy should allow the passing of any information without cause or warrant. It makes us as bad as the people we are fighting against.
        striker67
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @wright_is

        "If they allowed Google and Microsoft (and others) to break the law"


        This logical fallacy is called a "cum hoc ergo propter hoc." You are assuming that there is a breach of law when,

        a) in fact, there are already plenty of laws on the book that specifically allow this. and

        b) the very existance of Google or Microsoft with European data is a breach of the law.

        Again, you will hear this in the WTO and other judicial forums.
        Your Non Advocate
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @wright_is

        So, what, when the Dutch police in the course of investigating a crime determine they need to access a suspect's data, before they request the warrant from a judge the suspect has to *agree* to it?
        spdragoo@...
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        @spdragoo... No, if they have a warrant, the Dutch police can access the data, without the individual's permission. But, they are inside the EU and they have gone through a judicial process.

        The Patriot Act doesn't require a Dutch (or German or whatever) judicial process, they just demand the information, without regard to what laws that might contravene.

        IF the US Government came to Google/MS etc. with a Dutch warrant, then there probably wouldn't be such a problem, even better, if they came over to Holland to inspect the data, in co-operation with Dutch authorities...

        But they don't, they just ignore the law.
        wright_is
  • Interesting choice of wording

    <i>This contravenes European law, which states that organisations cannot pass on user data to a third-party outside the European zone without the users permission.[/i]

    Yet it makes no claim against passing information to third parties <b>inside</b> European zone.

    :|
    Tim Cook
    • RE: Dutch government to ban U.S. providers over Patriot Act concerns

      @Mister Spock
      Because they follow the common rules established with the agreement of everyone concerned. Texas (in most parts) can pass data to Maine, NJ to Alabama, etc. Get it?
      kirovs@...
      • Right. So if someone in Germany wants info on a dutch citizen

        @kirovs@...
        no matter what, they get it.

        I can understand DMV, SS, ect passing along that info between themselves, but what about other info, like where you've been, what you bought, ect?
        William Farrell
      • Partial example, but not complete.

        @kirovs@...

        For example, Texas can make laws regarding who is considered a *resident* of their state, as can Maine, New Jersey, etc.... but *none* of those states can make laws regarding who is a *citizen* of the United States. That's the job of the *federal* government.

        In contrast, Germany determines who has German citizenship, Netherlands determines who has Dutch citizenship, Italy determines who has Italian citizenship, etc.
        spdragoo@...
    • RE: Dutch government to ban U.S. providers over Patriot Act concerns

      @Mister Spock Because companies inside the EU zone are behoven to the data protection and privacy rules of the EU. That means that they also have to comply to very strict rules.

      The EU cannot control the data, once it leaves the EU and thus cannot enforce the statutory rights to privacy, hence the requirement for the affected person's permission, before the data can be released.
      wright_is
      • RE: Dutch government to ban U.S. providers over Patriot Act concerns

        What @wright_is said. EU Data Protection Directive gives every member state in Europe the same foundation laws -- for which they can then build upon.
        zwhittaker