EU demands answers over Microsoft's Patriot Act admission
Summary: Members of European parliamentary states have demanded changes to the way data is sent to the United States from Europe, amid conflicts between the European data laws and the USA PATRIOT Act.
Members of European parliamentary states have demanded changes to the way data is sent to the United States from Europe, amid conflicts between the European data laws and the USA PATRIOT Act.
Last week in London, at the Office 365 launch, Microsoft UK chief executive Gordon Frazer admitted to ZDNet that Microsoft could not provide guarantees that EU-based cloud data would not leave Europe under any circumstances, even under a Patriot Act request -- and neither can any other company.
While Microsoft came clean and admitted on the record that data was not protected under EU law, the focus for European legislators is now to bolster existing EU law, amid Microsoft's admission.
Cloud stored data in the EU is not protected against U.S. law, following Frazer's admission. This has led many of the members of the European Parliament to question whether the European data protection legislation brought out in 1995 has any effect whatsoever.
Sophie in 't Veld, Dutch member of the European Parliament's civil liberties committee, brought up questions in the committee relating to whether the Patriot Act overrules the European data protection laws, and whether European data protection legislation can be adequately enforced.
One of the major considerations for the European members of parliament is to question the nullification of European data protection laws by the invoking of the Patriot Act.
Legal experts who spoke to IDG said that the EU data protection legislation is "hardly worth the paper it's written on".
The European commissioner charged with data protection said earlier this year that companies such as Microsoft, Google and Facebook "must adhere" to the strict EU privacy rules.
But as the Patriot Act overrules the European directive when data is on U.S. soil, regardless of whether the data is covered under the Safe Harbor framework, the "strict EU privacy rules" have no powers of protection.
Related content:
- Microsoft admits Patriot Act can access EU-based cloud data
- Webcast: Patriot Act: Myth of a secure European cloud?
- Microsoft: 'We can hand over Office 365 data without your permission'
- Facebook, Google 'must adhere' to strict EU privacy rules
Also read ZDNet’s Patriot Act series:
- Summary: ZDNet’s USA PATRIOT Act series
- Part 1: USA PATRIOT Act and the controversy of Canada
- Part 2: Safe Harbor: Why EU data needs 'protecting' from U.S. law
- Part 3: How the USA PATRIOT Act can be used to access EU data
- Part 4: USA PATRIOT Act: The myth of a secure European cloud
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
M$ must pay for its invasion of privacy
The people should boycott M$ and switch to google where your data is safe and sound!
RE: EU demands answers over Microsoft's Patriot Act admission
Comedy week?
RE: EU demands answers over Microsoft's Patriot Act admission
His statements are always illogical
I fail to see why he continues to post them.
:|
Re: gavinwray1
There are no specific rules choosing and naming your dogs. The only boundary you would have to cross is to name them according to their sex. http://www.femaledognames.ca/
You???ve now made the decision to buy a house in Canada, so it???s time to ensure that finding your new house. http://www.findhouse.ca/
RE: EU demands answers over Microsoft's Patriot Act admission
- get help.
safe and sound with Google?
You are quite the comedian.
RE: EU demands answers over Microsoft's Patriot Act admission
Data..safe and sound? hehehe... I think you are just a funny troll. You must be!
Not Microsoft you blowhard
This is the fault of the United States Federal Government and Google has to comply as well.
But you knew that.
RE: EU demands answers over Microsoft's Patriot Act admission
RE: EU demands answers over Microsoft's Patriot Act admission
Demanded changes from Microsoft?
shouldn't they be talking to the US government? MS is just following the rules forced on us over here, as you guys are forced with rules from your government.
If the data is stored in Europe, but accessed in the US, what rules apply there?
This is a time where the governments should get together on the same page, as both sides have some pretty Draconian laws that can effect citizens on both sides of the Pond.
Even if data would be physically on European servers, the head company ...
Microsoft, Google, Apple, whoever else will be <b>never</b> able to protect data of their users, no matter where their information is situated territory, unless they will outsource data management/operations to EU's locally registered company.
However, not there is no way how it could be business-wise practical before EU would declare a <b>ban</b> of any service which does not protect privacy of its citizens. Only then all of these mentioned companies will go through these risks, hurdles and technical difficulties to outsource operation of data to a third party local EU company.
I trust that Apple would never give up my data
Apple cares too much about security and about the happiness of their customers. Even though I live in the US, I'm sure that Apple would protect my data from the government. YEAH!!!
Ownership and control can differ
If a US firm form a subsidiary in an EU member state, it may be possible to include legal language giving the subsidiary sole access to data stored in the EU, even if the subsidiary remain wholly owned by the US parent. As a vaguely related example, German firms are answerable to supervisory boards that include owner (shareholder) and employee (trade union) representatives, rather than being solely accountable to the owners (shareholders). The point of the comparison is that legal systems can and do distinguish between ownership and control.
With the right legal framework, if management of a US firm were to order an EU-based employee, or an employee of the firm's EU subsidiary, to hand over any EU data, the employee would be legally obliged to refuse, and could face no retaliation for that refusal. If the US firm were to retaliate, e.g. by sacking the employee (directly or via the EU management of the subsidiary), the employee could sue the firm, which could potentially lose the right to operate in the EU.
If ownership by a US firm negates EU data protection directives, then EU lawmakers need to clarify or update the law. It has to be illegal for anyone in the EU to make protected data available (directly or indirectly) outside of the EU, irrespective of whether or not the person in question works for a US firm or for an EU subsidiary of such.
RE: EU demands answers over Microsoft's Patriot Act admission
RE: EU demands answers over Microsoft's Patriot Act admission
Apple, Google, and others likely follow the laws of the US as well. How many companies should they ban from the EU?
RE: EU demands answers over Microsoft's Patriot Act admission
"Ban them from operating in the EU unless they obey EU law. Simple isn't it?"
It certainly works in China where Microsoft and Google are complicit in enforcing the government rules.
EU customers should choose a vendor that will commit to abiding by EU law.
RE: EU demands answers over Microsoft's Patriot Act admission
EU should protect its rights and laws. Totally agreed!
RE: EU demands answers over Microsoft's Patriot Act admission
For companies like Microsoft I can see this not being a massive problem as they could license the infrastructure to run their cloud services to resellers and so never touch the data themselves.