EU demands answers over Microsoft's Patriot Act admission

EU demands answers over Microsoft's Patriot Act admission

Summary: Members of European parliamentary states have demanded changes to the way data is sent to the United States from Europe, amid conflicts between the European data laws and the USA PATRIOT Act.

SHARE:

Members of European parliamentary states have demanded changes to the way data is sent to the United States from Europe, amid conflicts between the European data laws and the USA PATRIOT Act.

Last week in London, at the Office 365 launch, Microsoft UK chief executive Gordon Frazer admitted to ZDNet that Microsoft could not provide guarantees that EU-based cloud data would not leave Europe under any circumstances, even under a Patriot Act request -- and neither can any other company.

While Microsoft came clean and admitted on the record that data was not protected under EU law, the focus for European legislators is now to bolster existing EU law, amid Microsoft's admission.

Cloud stored data in the EU is not protected against U.S. law, following Frazer's admission. This has led many of the members of the European Parliament to question whether the European data protection legislation brought out in 1995 has any effect whatsoever.

Sophie in 't Veld, Dutch member of the European Parliament's civil liberties committee, brought up questions in the committee relating to whether the Patriot Act overrules the European data protection laws, and whether European data protection legislation can be adequately enforced.

One of the major considerations for the European members of parliament is to question the nullification of European data protection laws by the invoking of the Patriot Act.

Legal experts who spoke to IDG said that the EU data protection legislation is "hardly worth the paper it's written on".

The European commissioner charged with data protection said earlier this year that companies such as Microsoft, Google and Facebook "must adhere" to the strict EU privacy rules.

But as the Patriot Act overrules the European directive when data is on U.S. soil, regardless of whether the data is covered under the Safe Harbor framework, the "strict EU privacy rules" have no powers of protection.

Related content:

Also read ZDNet’s Patriot Act series:

Topics: Collaboration, Government, Government US, Government UK, Microsoft, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

52 comments
Log in or register to join the discussion
  • M$ must pay for its invasion of privacy

    and providing data to tyrannical regimes like China must stop!
    The people should boycott M$ and switch to google where your data is safe and sound!
    Linux Geek
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @Linux Geek
      Comedy week?
      TKR1
      • RE: EU demands answers over Microsoft's Patriot Act admission

        @TKR1 No! He is always funny. He is our resident jester! Its nice to have him around. He makes people laugh. Laughter is good for health. And he does it for FREE !! :)
        1773
      • His statements are always illogical

        @TKR1

        I fail to see why he continues to post them.

        :|
        Tim Cook
      • Re: gavinwray1

        Losing weight has been a problem since time immemorial and with the growing awareness of diseases that are being linked to obesity and being overweight, more and more people today are being conscious and cautious with their diet and their lifestyle. http://www.fatburning.ca/

        There are no specific rules choosing and naming your dogs. The only boundary you would have to cross is to name them according to their sex. http://www.femaledognames.ca/

        You???ve now made the decision to buy a house in Canada, so it???s time to ensure that finding your new house. http://www.findhouse.ca/
        gavinwray1
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @Linux Geek
      - get help.
      owlnet
    • safe and sound with Google?

      @Linux Geek

      You are quite the comedian.
      Joe_Raby
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @Linux Geek *yawn*
      Data..safe and sound? hehehe... I think you are just a funny troll. You must be!
      jessiethe3rd
    • Not Microsoft you blowhard

      @Linux Geek
      This is the fault of the United States Federal Government and Google has to comply as well.

      But you knew that.
      use_what_works_4_U
  • RE: EU demands answers over Microsoft's Patriot Act admission

    Ban them from operating in the EU unless they obey EU law. Simple isn't it?
    timspublic1
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @timspublic1@... It is relatively simple -- but that would mean that 700 million people in the EU would be at a massive disadvantage. This is why Safe Harbor was set up in the first place. Patriot Act, however, trumps it completely.
      zwhittaker
      • Demanded changes from Microsoft?

        @zwhittaker
        shouldn't they be talking to the US government? MS is just following the rules forced on us over here, as you guys are forced with rules from your government.

        If the data is stored in Europe, but accessed in the US, what rules apply there?

        This is a time where the governments should get together on the same page, as both sides have some pretty Draconian laws that can effect citizens on both sides of the Pond.
        Will Pharaoh
      • Even if data would be physically on European servers, the head company ...

        @Will Pharaoh: ... which operates it still in the USA -- id est obliged to follow the law.

        Microsoft, Google, Apple, whoever else will be <b>never</b> able to protect data of their users, no matter where their information is situated territory, unless they will outsource data management/operations to EU's locally registered company.

        However, not there is no way how it could be business-wise practical before EU would declare a <b>ban</b> of any service which does not protect privacy of its citizens. Only then all of these mentioned companies will go through these risks, hurdles and technical difficulties to outsource operation of data to a third party local EU company.
        DDERSSS
      • I trust that Apple would never give up my data

        @zwhittaker
        Apple cares too much about security and about the happiness of their customers. Even though I live in the US, I'm sure that Apple would protect my data from the government. YEAH!!!
        woulddie4apple
      • Ownership and control can differ

        @ DeRSSS

        If a US firm form a subsidiary in an EU member state, it may be possible to include legal language giving the subsidiary sole access to data stored in the EU, even if the subsidiary remain wholly owned by the US parent. As a vaguely related example, German firms are answerable to supervisory boards that include owner (shareholder) and employee (trade union) representatives, rather than being solely accountable to the owners (shareholders). The point of the comparison is that legal systems can and do distinguish between ownership and control.

        With the right legal framework, if management of a US firm were to order an EU-based employee, or an employee of the firm's EU subsidiary, to hand over any EU data, the employee would be legally obliged to refuse, and could face no retaliation for that refusal. If the US firm were to retaliate, e.g. by sacking the employee (directly or via the EU management of the subsidiary), the employee could sue the firm, which could potentially lose the right to operate in the EU.

        If ownership by a US firm negates EU data protection directives, then EU lawmakers need to clarify or update the law. It has to be illegal for anyone in the EU to make protected data available (directly or indirectly) outside of the EU, irrespective of whether or not the person in question works for a US firm or for an EU subsidiary of such.
        WilErz
      • RE: EU demands answers over Microsoft's Patriot Act admission

        @zwhittaker Can't you guys (the British) just take back America? We're clearly too stupid and immature to run it.
        snoop0x7b
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @timspublic1@...

      Apple, Google, and others likely follow the laws of the US as well. How many companies should they ban from the EU?
      Michael Alan Goff
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @timspublic1@...

      "Ban them from operating in the EU unless they obey EU law. Simple isn't it?"

      It certainly works in China where Microsoft and Google are complicit in enforcing the government rules.

      EU customers should choose a vendor that will commit to abiding by EU law.
      pwatson
    • RE: EU demands answers over Microsoft's Patriot Act admission

      @timspublic1@... Absolutely. Cloud or NOT cloud, EU information laws should be respected by the vendors serving the area. Im pretty sure if the microsoft was chineese based, most of the jokers here would be saying much different things. ALSO, someone said they didnt care about feds looking into their info, that guy must have worked in the industry hmmm at least around 40 yrs ago! Get Real !!
      EU should protect its rights and laws. Totally agreed!
      bilal_mahmood
  • RE: EU demands answers over Microsoft's Patriot Act admission

    If a US company has EU data on US-located servers and it's vulnerable to the Patriot Act, then the safe harbour agreement with the US needs to be ripped up as it isn't practical.<br><br>The bigger issue is what happens to EU data in the EU-located servers of an EU subsidary of a US organisation. If the Patriot Act is invoked against the parent organisation and the subsidary hands it over when it is against EU law to do so, what will happen? Prosecution by the EU? But if they refuse the company will be prosecuted by the US?<br><br>The EU either needs to reach an agreement with the US over the limits of the Patriot Act as it pertains to European data, or refuse to give some kind of data protection endorsement to companies that have data vulnerable to the Act.

    For companies like Microsoft I can see this not being a massive problem as they could license the infrastructure to run their cloud services to resellers and so never touch the data themselves.
    OffsideInVancouver