BRUSSELS -- European lawmakers have been revising and updating the data protection laws that apply to all 27 European member states, after it was discovered that the United States can use the Patriot Act to access European citizens' data without their consent.
The European Commission's justice commissioner Viviane Reding met with German Consumer Protection Minister Ilse Aigner, discussed the new directive yesterday and outlined plans for the updated law to compel any non-European company -- with customers or clients within Europe -- to comply with European regulations.
In a statement, it was said that the: "European Commission will come forward with proposals to reform the 1995 Data Protection Directive by the end of January 2012".
"We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market", the joint statement added.
Referring to the cloud, the new law will not only modernise the data protection laws, but will also counteract the effects of the Patriot Act in Europe.
The 1995 directive, which passed into the local legal system of each member state, is over 15 years old. It is widely considered to be outdated and flawed, in light of technological developments, such as cloud computing, developed since the directive was ratified.
During Microsoft's Office 365 launch, Gordon Frazer, managing director of Microsoft UK, admitted exclusively to ZDNet that the Patriot Act can be invoked by U.S. law enforcement to access EU-stored data without consent.
This alone set a precedent that had not been seen before: an industry leader admitting that European data was not safe nor protected from a foreign government, the United States.
Microsoft, Google, Amazon, along with any other U.S. based organisation, has to comply with local U.S. laws. Any data that is housed, stored or processed by a U.S. based company, is vulnerable to interception and inspection by U.S. authorities.
The new law will likely not go into effect for several years. Not only did it take three years for the 1995 directive to be ratified by the 27 European member states, the new law will have to undergo scrutiny, discussion, debate and stress-testing by European parliamentarians.
Companies such as the aforementioned cloud service providers will be given the chance to propose changes to the law in efforts to enable their services to maintain without disruption of its services.
One of the reported changes to the law could if anything drive up the use of cloud services, by making data that has been lost liable to the cloud service provider, rather than the "data controller", the person or organisation that owns the data.
Read more: Facebook and other social networks could find themselves in hostile territory once the new laws are enacted, with EU Commissioner Reding already having the social networking giant in her crosshairs. See the article here.
- Microsoft admits Patriot Act can access EU-based cloud data
- EU demands answers over Microsoft’s Patriot Act admission
- Patriot Act affects European cloud adoption
- Facebook rebuked by EU privacy platform; Patriot Act a 'distraction'?
- How universities got it so wrong over Patriot Act outsourcing