Dutch government to ban U.S. providers over Patriot Act concerns
Summary: Though the Netherlands is 'experimenting' with Google Docs and Dropbox, it is ruling out U.S. cloud suppliers from Dutch government contracts, amid Patriot Act concerns.
The Dutch government is to "basically [...] exclude" U.S. cloud providers from government IT contracts amid concerns of the reach of the Patriot Act in Europe.
To prevent sensitive citizen data from being compromised by U.S. authorities, the move to bar U.S. companies from providing cloud-based services and data processing capabilities is only a temporary measure until the European Commission changes the data protection laws.
Discussed by the European Parliament's Privacy Platform earlier this month, the Patriot Act is being investigated by European authorities, after Gordon Frazer, managing director of Microsoft UK, exclusively told ZDNet that the Redmond-based company must comply with Patriot Act requests, and other companies with a U.S. presence must do also.
This contravenes European law, which states that organisations cannot pass on user data to a third-party outside the European zone without the users' permission.
In a written answer to a parliamentary question, Dutch minister Ivo Opstelten asserted that, in response to previous questions (Dutch): "This basically means that companies from the United States in such bids and contracts are excluded."
Opstelten admitted that while the Dutch government is "experimenting with Google Docs and Dropbox", though data is believed to be stored on Dutch territory, it is unknown whether they are managed by U.S. companies.
However, "taking into account the possible consequences of the application of foreign law", the minister said that steps would be taken to prevent U.S. cloud service providers or supplier would be "excluded" from contracts handling government or citizen data.
According to other reports, the government is considering a ban on Microsoft and Google provided cloud offerings, requiring policy to be put forward to determine certain requirements for awarding contracts.
Last month, an article published claimed that the power to search suspects with Patriot Act invoked 'delayed warrants' -- the ability to search without formally making warrants known to the subject, to prevent the loss of vital evidence -- were used in 1,618 drug-related cases, 122 cases for fraud, but only 15 cases relating to terrorism.
Related:
- Facebook rebuked by EU privacy platform; Patriot Act a 'distraction'?
- EU demands answers over Microsoft’s Patriot Act admission
- Patriot Act affects European cloud adoption
- European companies ‘need confidence’ over Patriot Act concerns
Also read:
- Microsoft: ‘We can hand over Office 365 data without your permission’
- Microsoft admits Patriot Act can access EU-based cloud data
- Patriot Act preventing Google Apps adoption in schools
- Patriot Act vs. European law: What are the likely outcomes?
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Great
RE: Dutch government to ban U.S. providers over Patriot Act concerns
I have to agree with the dutch on this one, we all should considering how much we should understand the right to privacy. To me, it is like our judicial system and the constitution: if there is reasonable doubt, then it is better that a guilty man go free than an innocent man be wrongfully imprisoned.
Our government should not be able to sniff through our private stuff whenever they feel like it. PERIOD.
RE: Dutch government to ban U.S. providers over Patriot Act concerns
"I have to agree with the dutch on this one"
Even when it contravenese provissons like GATT? We are a global economy of international trade. A nation is not entitled to shield nazi gold or hide bank accounts.
@GATT
RE: Dutch government to ban U.S. providers over Patriot Act concerns
It is ILLEGAL for them to transfer the personal information gathered in an EU country outside the EU borders.
The companies are based in (or have offices in) the USA, which means they are behoven to the Patriot Act, which means they have to break the law in order to comply with the law.
As long as these companies are behoven to the Patriot Act, they cannot do Cloud Business in the EU. Simple.
This has nothing to do with GATT or WTO. This has to do with being a law abiding company. The companies offering cloud services *AND* having an office in the USA cannot abide by EU law, because the US Government forces them to break the law of the countries where they are doing business.
On a secondary note, the "owner" of the data, in this case the Dutch Government, would be liable for the data breach (Microsoft / Google passing the data to the US Government unde the Patriot Act) and would face heavy fines and possible law suits for allowing personal data to leave the EU without the permission of the people affected - even though it wasn't them that moved the data outside the EU and gave it to a third party.
This is purely a problem with the Patriot Act. Once the Patriot Act is paired back, so that it does not break international law - or force other entities to break the law - then Cloud Service provided by American based companies can compete in the EU market.
Until then, moan to the DHS. Whilst I understand the paranoia that caused the Patriot Act to be drafted, it is overreaching its jurisdicatio, by asking companies to provide data to which they have right...
RE: Dutch government to ban U.S. providers over Patriot Act concerns
It's not so much that the *offices* are located in the U.S., but the *servers* are located in the U.S.
Which, to me, just highlights the basic problem with "cloud" computing: you're at the mercy of wherever the servers storing the data are located.
But having to comply with the US Patriot Act is *nothing*. Imagine if your data was stored in, say, China. They block their citizens from accessing particular sites outside of China (courtesy of Google & Cisco, among other companies), & their citizens have *no* expectation that their data is private. Would you really expect a company offering "cloud computing" solutions where the data is stored inside China's borders to be able to guarantee that the Chinese government won't access the data? Didn't think so.
RE: Dutch government to ban U.S. providers over Patriot Act concerns
RE: Dutch government to ban U.S. providers over Patriot Act concerns
RE: Dutch government to ban U.S. providers over Patriot Act concerns
RE: Dutch government to ban U.S. providers over Patriot Act concerns
If a service provider cannot guarantee to comply with the law, they are not allowed to do business. When they can guarantee, that they will comply with the law, they can tender for contracts.
RE: Dutch government to ban U.S. providers over Patriot Act concerns
RE: Dutch government to ban U.S. providers over Patriot Act concerns
"If they allowed Google and Microsoft (and others) to break the law"
This logical fallacy is called a "cum hoc ergo propter hoc." You are assuming that there is a breach of law when,
a) in fact, there are already plenty of laws on the book that specifically allow this. and
b) the very existance of Google or Microsoft with European data is a breach of the law.
Again, you will hear this in the WTO and other judicial forums.
RE: Dutch government to ban U.S. providers over Patriot Act concerns
So, what, when the Dutch police in the course of investigating a crime determine they need to access a suspect's data, before they request the warrant from a judge the suspect has to *agree* to it?
RE: Dutch government to ban U.S. providers over Patriot Act concerns
The Patriot Act doesn't require a Dutch (or German or whatever) judicial process, they just demand the information, without regard to what laws that might contravene.
IF the US Government came to Google/MS etc. with a Dutch warrant, then there probably wouldn't be such a problem, even better, if they came over to Holland to inspect the data, in co-operation with Dutch authorities...
But they don't, they just ignore the law.
Interesting choice of wording
Yet it makes no claim against passing information to third parties <b>inside</b> European zone.
:|
RE: Dutch government to ban U.S. providers over Patriot Act concerns
Because they follow the common rules established with the agreement of everyone concerned. Texas (in most parts) can pass data to Maine, NJ to Alabama, etc. Get it?
Right. So if someone in Germany wants info on a dutch citizen
no matter what, they get it.
I can understand DMV, SS, ect passing along that info between themselves, but what about other info, like where you've been, what you bought, ect?
Partial example, but not complete.
For example, Texas can make laws regarding who is considered a *resident* of their state, as can Maine, New Jersey, etc.... but *none* of those states can make laws regarding who is a *citizen* of the United States. That's the job of the *federal* government.
In contrast, Germany determines who has German citizenship, Netherlands determines who has Dutch citizenship, Italy determines who has Italian citizenship, etc.
RE: Dutch government to ban U.S. providers over Patriot Act concerns
The EU cannot control the data, once it leaves the EU and thus cannot enforce the statutory rights to privacy, hence the requirement for the affected person's permission, before the data can be released.
RE: Dutch government to ban U.S. providers over Patriot Act concerns