Patriot Act affects European cloud adoption

Microsoft's admission, made at the Office 365 launch, that EU data is vulnerable to U.S. inspection is hampering cloud uptake and growth.
Written by Zack Whittaker, Contributor

More and more organisations are abstaining from the cloud, according to a report by a leading newspaper, due to the reach of the Patriot Act in Europe and further afield.

According to the Financial Times (available via Google without registering), the discussions were brought up during private FT meetings last month, and data privacy and cloud services topped the concerns of IT bosses.

During the Office 365 launch in London in June, Microsoft admitted to ZDNet that any data stored, processed or owned in Europe and further afield -- including email, file storage and web applications -- are liable for U.S. government inspection under the Patriot Act.

The FT's report is crucial to understanding the feeling in the wider room amongst IT chiefs. As many are data controllers as well as processors of the data, it could lead to civil or criminal action against cloud users for mismanagement of data.

Due to the disparity between European and U.S. law, wholly-owned subsidiaries cannot comply with the European Data Protection Directive -- which requires companies to inform their users that data will leave the European zone -- because U.S. law can 'gag' them with existing legislation.

Microsoft's admission sets a precedent across the board, applying to every other cloud-service provider with an entity in the United States, including Amazon, Intel, Apple and Google.

A former Microsoft employee, still close to the company, told me that Frazer's admission has cost the company "millions" in potential contracts.

The Redmond-based company will "only respond to government requests for enterprise customer data when legally required", adding: "we will use commercially reasonable efforts to notify those customers in advance, unless we are legally prohibited from doing so."

Such reassurances, however, do not firmly guarantee that data will not be handed over under any circumstances -- even if the customer is outside U.S. jurisdiction. This alone does not fill IT chiefs with confidence over the security of their clients' data.

Healthcare providers are also holding back from cloud initiatives due to concern over data privacy and security. With the need to comply with key legislation such as the Health Insurance Portability and Accountability Act (HIPAA), the requirement to safeguard data -- even from government inspections -- is a demanding task and a challenge yet to be overcome.
