Patriot Act vs. European law: What are the likely outcomes?

Patriot Act vs. European law: What are the likely outcomes?

Summary: The European Parliament is considering their own laws in light of the Patriot Act admission by Microsoft. What could the next move be?


Between the transposing of the EU Data Protection Directive in 1998 and the terrorist attacks in New York in September 2001, trade relations between the United States and the European Union were mutual, bilateral and safe.

The arrangement between the U.S. and the EU -- for which both continents vary a great deal on data protection and citizen privacy -- were shot down when the Patriot Act was rushed through Congress in October 2001.

The European Parliament is debating its own laws, to determine whether the Patriot Act is a threat to European data.

A senior Microsoft executive has already stated that in, short, the Patriot Act does not allow them to guarantee the safety or privacy of European data.

A clear disparity between the laws is ever present and becoming clearer each and every day.

The question now to ask is: how could the data protection war between the two continents be solved?

The EU could ban cloud companies to force the U.S. into changing their laws.

This would be, if not the most significant measure the European Parliament could take.

Banning any connection to the U.S. cloud would have massive impact on trade and diplomatic relations, and would leave many customers and clients in service hiatus.

Customers could lose access to data already held in an insecure cloud, and have their services cut off entirely, with businesses losing their outsourced communications services.

Or, Europe could ban new cloud contracts being signed by European clients with U.S.-based or wholly owned companies. This would limit the problem from spreading, but not solve the issue in its entirety.

U.S. companies could 'set free' their EU-subsidiaries so they can operate as self-operated.

Though it is not ideal, and might cause serious legal headaches for wholly owned EU subsidiaries of larger U.S. owned companies, subsidiaries could be allowed to operate independently from their parent organisations.

At the moment, EU companies are controlled by their U.S. parent company and cannot refuse to hand over data. This has been likened to 'having an argument with yourself'.

The European Parliament could implement some methods to ensure that EU companies are protected under EU law, and therefore could operate independently from their head offices.

But this solution would not go without problems; with EU companies being able to -- in theory -- detach themselves from their parent company.

The EU could suspend Safe Harbor to prevent EU data leaving Europe.

Safe Harbor allows data to be sent from Europe to the United States, under the premise that organisations receiving the data from their European counterparts agree to the European data protection principles.

If Safe Harbor were to be suspended, this could severely impact cloud service providers, as well as governmental intelligence sharing capabilities.

While the very point of the Patriot Act series when I highlighted that U.S. intelligence agencies could access EU-based data, this would on the flip side have ramifications for intelligence sharing governments across the world; potentially hampering serious investigations into online child abuse and terrorism.

The EU could draft emergency legislation to temporarily block U.S. law, giving time to work on it further.

The most likely option, and far beyond the least damaging. In what form this will take, it is not clear.

The European Parliament could unequivocally state that EU data "must not leave the European Economic Area under any circumstances". This would solve the problem, as EU subsidiaries would have to abide by local EU law -- and could face severe penalties for not doing so.

But this would have implications for the Safe Harbor agreement.

Whether any solution is the "best" solution -- or even a solution at all -- there will no doubt be a backlash of further problems to consider.

This issue cannot be solved overnight, and will no doubt require fresh EU legislation to be put forward to the European Parliament.

Related content:

Also read ZDNet’s Patriot Act series:

Topics: Cloud, Government, Government US, Government UK, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • What do you think?

    If you have any suggestions or ideas which could ensure diplomatic peace but a secure European cloud, by all means leave your thoughts. <b>Have your say.</b>
    • As long as there is ownership or operative control, USA's government would

      @zwhittaker: ... not care about companies wanting to 'set free' their subsidiaries. It is not legally and technically possible to 'set free' European subsidiaries.<br><br>The only thing they can do it irreversibly transfer data *and* low-level operational control of it (with no high-level back-door interface to private data) to completely independent, Europe-based companies which should not own major business in USA.
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @zwhittaker Please don't take this too harshly but about every article I see from this particular blog in my email is fear mongering about zomg the Patriot Act! Honestly if you want to promote a peaceful resolution promote education on the part of the EU and citizens of both the US and across the pond. Now to be clear I'm not trying to single you out, I've had this discussion a number of times, you just happen to blog about it.

      First of all if you seriously think any ISP puts up a fight when to protect your information you're kidding yourself. I've seen several come in and the most action taken was to call a local branch and confirm the validity of the warrant after that full compliance. No provider is going to take a financial hit for a residential/small business customer. You may say Twitter 'fought' recently to maintain 'privacy' of it's customers - keep in mind the global visability and threat of retaliation.

      Secondly, there's more chance of a script kiddie sitting next to you at Starbucks sifting through your information than either the US or EU gov'ts caring about what porn you surf or the witicisms in your last email.

      In close there are many points I could bring up that atleast for me invalidate your concerns - whether it be that London is the most heavily monitored city in the world (even we don't tape record our citizens every public moment), the issues with Virgin Media, French moves towards censorship, and various other EU members that continue to whittle away at your privacy overseas. In short, you may not like the Patriot Act but it is enacted in the interests of our security - and if it was allowed to lapse it would simply require a warrant for the exact same investigations to take place (something that takes under 24hrs to obtain FYI) also with the many issues in Europe it would behoove you to worry about the log in your own eye before concerning yourself with the splinter in ours.
      • &quot;...but it is enacted in the interests of our security...&quot;

        @ITSamurai - That is why there statistically have been more domestic arrests, err umm...I mean... "detainment's", "investigations", no-knock and ?sneak & peek? warrants executed on the physical property and data of normal, everyday citizens than there has been on individuals who may actually fit a terrorist "profile", all under the guise of operating under the Patriot Act.

        Enjoy your "security."

        "Those who would sacrifice freedom for security deserve neither..." - Ben Franklin.
      • RE: Patriot Act vs. European law: What are the likely outcomes?

        @ITSamurai Are you sure our Patriot Act really has any authority in a foreign country?
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @zwhittaker The EU should block any and all access by any US government snooping. The US's Patridiot act is an intrusion into everyone's lives. We in the US are stuck with it but the rest of the world should resist it!
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @zwhittaker there are a few ways to look at this, and they are probably all valid:

      1) The U.S., as is often the case, is attempting to impose its will, its laws, and its culture on others. This doesn't make the U.S. or Europe better than the other, the Europeans just don't like having someone outside Europe tell them what to do. Normal. Proper negotiation rather than force would probably solve the problem. Since we are allies and have similar security interests, and information is already shared via the Echelon system, it shouldn't be difficult.

      2) The Patriot Act is an assault on the civil and individual rights of Americans, and represents a project that ultraconservatives had sitting on the shelf. 911 simply provided them with an opportunity to pass it in force without question, and so they dusted it off and put it out there. Time, now, to reconsider. That said, here in Europe, governments are also assaulting personal freedom, and the latest scandal involving Rupert Murdoch and the British police in illegal wiretaps doesn't look great for the individual rights and freedoms of Europeans, either. All of which is to say, "the price of freedom is eternal vigilance." But "eternal vigilance" does not mean security cameras in the streets, but rather, attention to responsible, and community oriented, liberty.

      3) The U.S. constitution does not guaranty privacy, and the supreme court has consistently refused to recognize a right to privacy. This is true for a long time, predating 911 and modern terrorism. European law, in general, does recognize such a right, and provides protections that don't exist in the U.S. - you cannot, under any circumstances, publish the photo of a private individual without his or her consent, for example. Without making a value judgement one way or the other, it is important for sovereign nations to respect such differences, and neither should be imposing their value systems on the others.

      Someone here made the point that our privacy is probably more in jeopardy from some geeky kid in Starbuck's than from these high-level snoops, and this is probably true - until the day you get caught up by an erroneous trigger in the spy machine. In any case, Twitter, Facebook, Google and other social networks already know more about us than any government - except they share this info with governments, too - and don't kid yourself, they do it with Europe and with the U.S. and no European law prevents it.
  • RE: Patriot Act vs. European law: What are the likely outcomes?

    The laws, especially the bill of Rights ratified Dec. 15th 1791 should be reinstated and the patriot act plus the title (whatever) removed! That would help everyone.
    • RE: Patriot Act vs. European law: What are the likely outcomes?


      Then one would only have to worry about the NSA accessing the data illegally and hiding that in the interest of "national security," as they did for a long time before the NY Times spilled the beans.
  • simple solution

    The internet belongs to the USA, hence the US law have always superseded the EU laws.
    What's new?
    When in doubt, ignore the EU law!
    Linux Geek
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      • RE: Patriot Act vs. European law: What are the likely outcomes?

        EU should respect the Patriot act if they want to continue using the internet.
        Linux Geek
      • RE: Patriot Act vs. European law: What are the likely outcomes?

        @gillesbellemare @ Linux Geek: We had this argument years ago when local governments wanted to censor what was allowed in at public libraries. NOBODY "OWNS" the Internet. The underlying technology may have been developed by the US, but it was a European that created HTML and "the web", remember. And most of the really good security software vendors are European based. So this means all of us that use ESET or Kaspersky are SOL now?
        digital riverrat
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @Linux Geek
      FYI, EU Data Protection law predates widespread use of the Internet. It also applies to data held in corporate databases etc.
      • RE: Patriot Act vs. European law: What are the likely outcomes?

        but the US constitution predates the 'EU Data Protection' law.
        they should have made the law compatible with our constitution.
        Linux Geek
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @Linux Geek : what a remarkably boneheaded comment. U.S. Corporations own a fraction of the internet; the U.S.A. owns none of it. The vast majority of the infrastructure is outside the borders of the U.S. and also out of its corporate control. The massive invasion of privacy rights that is the Patriot Act has not resulted in a single terrorist plot prevented. Now you expect other nations to subject their citizens to our unconstitutional acts of congress? Our whole approach to national security is <br>schizophrenic in the extreme...on one hand we are pissing ourselves at the thought of offending anyone by profiling, and on the other have no qualms about invasive searches on infants and young children that could land even their parents in prison for child abuse. It is high time we dismantle the obscenity that is the TSA and focus on terrorists, not the sheep that we have become.
      • RE: Patriot Act vs. European law: What are the likely outcomes?

        ever heard of ICAN or DARPA? Internet can not exist without USA.
        Linux Geek
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @Linux Geek
      I asume that was intended to be witty? Sadly, it too terrifyingly close to the truth. Don't ordinary American citizens care how deeply mistrusted their country now is throughout the rest of the world now ? You may all think you are God's gift to the world - quite simply, you are not !
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @Linux Geek Its ICANN...and what of it? That is an international body. As for Darpa, I am guessing you a referring to ARPANet, which has been all but defunct for decades. The world wide web in its current incarnation was first designed and implemented in Great Britain. So how do you reach that absurd conclusion? Most of the European constitutional documents were written centuries before Columbus (not his real name, btw!) was a gleam in his daddy's eye. In any case, the U.S. Constitution is quite literally irrelevant outside the U.S. borders. It has no force or effect anywhere else but here...and wars have been fought over far lesser matters than what our dear government is proposing to do the E.U.
    • RE: Patriot Act vs. European law: What are the likely outcomes?

      @Linux Geek
      Since when does the internet belong to the US, that is about one of the most stupid and arrogant statements I have ever seen on these boards, Every country is tasked with ensuring the free flow of data and the US most certainly does not 'own' the internet, in fact it was the Europeans who developed HTML, (Swiss, French, German, and U.K) at the University of Cern in Bern, and yes go right ahead ignore EU Law for we can also do the same for you, America is in a decline and pretty soon will be a second rate country, especially as you sold most of your manufacturing base to China et al.