Microsoft bullish on Congress' inclusion of CLOUD Act in funding bill

Now that the CLOUD Act has been added to a U.S. government spending bill, resolution over the government's role in cross-border data privacy may be a step closer to resolution.
Written by Mary Jo Foley, Senior Contributing Editor

Microsoft has been arguing for a while that data privacy is something that needs addressing by Congress, not the courts.


It looks like Redmond is one step closer to getting its wish. The CLOUD (Clarifying Lawful Overseas Use of Data) Act was added to an omnibus funding bill on March 21.

The CLOUD Act creates a legal framework regulating how law enforcement can access data across borders. It has received backing by members of both parties in Congress, the Department of Justice, and a number of tech companies, including Microsoft, Apple, Google and Facebook.

Late last month, the U.S. Supreme Court heard arguments over Microsoft's ongoing battle with the U.S. government over data privacy. According to reports from those attending, the justices didn't seem swayed by Microsoft's claims that data stored overseas should not be accessible to government prosecutors. A ruling in the case isn't expected until the end of June 2018, but may not happen at all if the CLOUD Act renders the issue moot.

Microsoft President and Chief Legal Officer Brad Smith was predictably upbeat about Congress taking on the data-privacy issue, as indicated by his blog post about it.

But not everyone is onboard. The Electronic Frontier Foundation has opined that the CLOUD Act is a "dangerous expansion of police snooping on cross-border data." The ACLU has said the Cloud ACT "threatens activists abroad, individuals here in the U.S."

Microsoft's data-privacy case began in 2013 over emails from a drug trafficking investigation suspect stored in Microsoft servers in Dublin. A federal judge in New York issued a warrant for the emails, and Microsoft decided to challenge the order in court.

Editorial standards