EU upset by Microsoft warning of US access to EU cloud

Members of the European Parliament are now up at arms. They demand to know what will be done about a conflict between the U.S. Patriot Act and the European Union's Data Protection Directive. The issue came up after Microsoft admitted last week that it may have to hand over Europeans' customer data on a new cloud service to U.S. authorities. The company may also be compelled by the Patriot Act to keep details of any such data transfer secret, according to PC World. This is contrary to the European directive, which states that organizations must inform users when they disclose personal information.

"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?" asked Sophia In't Veld, a member of the Parliament's Civil Liberties Committee.

Microsoft can already transfer E.U. data to the U.S. under the Safe Harbor agreement. There are seven principles in the agreement, including reasonable data security, and clearly defined and effective enforcement. All of this is nullified if the Patriot Act is involved. Microsoft's new cloud service will allocate geographic regions where customers' data will be physically stored. The computer giant could not guarantee that E.U. users' information would not be disclosed: "In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft."

 

Report a problem with article
Previous Story

Windows Vista SP1 support being retired on July 12

Next Story

Hotmail turns 15, makes you feel old

45 Comments

Commenting is disabled on this article.

This is the first thing I've seen that heralds the end or at least reform of the Patriot Act. Once laws like this start cutting into corporate profits then they've got to go, especially if the cloud is going to be as big as many are expecting.

Hi there, it is the samething over and over, USA want EU data, but is not willing to give EU data from USA.
If you want data inform the owner, if it's here or overthere, same rights for everyone

I'm struck by the difference in the NAMES of the respective legislation.
US = "Patriot Act". It tells you nothing about the nature of the law. But it's great brainwashing: if you disagree with any of it then you are unpatriotic and are probably a terrorist. So comply or else Big Brother will get you.
EU = "Data Protection Directive". You may or may not agree with its aims, but at least the title tells you what it is about and allows reasoned debate.
I prefer the EU approach. If you NEED to call some draft legislation the "Patriot Act" in order to bulldoze it through the legislature and get it made into law, there is probably something deeply wrong with it.

US laws are followed if it's purpose is for power and control. Once you involve human need, they **** on the laws.

US will amend its Patriot Act's terms in line with EU requests when hell freezes over.
If you offer a product in the limits of EU territory, that is the sovereign law and nothing takes precedence over it.

Don't use the US companies' cloud if you don't like it. 'Free' has a price.

this has nothing to do with security this has to with america sticking there nose in to other information when they want just because they think they can..... you really think anything classed as a "threat" would be stored on a cloud? anyone stupid enough to store it there would be to stupid to carry out anything anyway. if this goes through then hey guess what PHD students could have there research viewed by america! YEA GREAT IDEA let our intelligent people get there hard research read before its time what a massive crap on there lap that will be and it will be the PHD stuff looked at because by the looks of it anything involving biology or chemicals is considered a threat to america

Shadrack said,
The Patriot Act is the most unpatriotic act in America's history. Sad.

Really? Worse than the South's secession?

Europe just talks, no muscles ...
w/o USA we can't even wage so-so air support war behind small sea ...
i remember decade ago the EU wanted in 10 years outmatch USA in science and economic strenght ...
not happened at all

I think this situation shows how ignorant are tech journalists and politicians.

Anybody working on cloud solutions knew about this patriot act thing for a long time!
I perfectly remember hearing about this at a Microsoft France conference more than a year ago! They even told us that if that's a problem for us or our customers, we should not use windows azure at all (or any other cloud service provided by a US company). No one really seems shocked to hear that in the audience.

And now, some ignorant journalist somehow learnt that only last week, and people goes crazy over it! Come on, there's nothing new here!

At least MS tell people about this at every conference, as opposite to google.
Google probably doesn't want people to be aware of that, because the cloud is their business, and they need people to be as ignorant as possible about the legal and technical shortcomings of the cloud.

This is a bunch of fake outrage, the EU has know since the beginning that this is what would happen, they are just putting up an act because MS made it public, as long as it was secret the EU didn't care and probably was helping the US out, now since it's out in the open they HAVE to put on the act to appease the people they've been lying to all this time

leeoniya said,
nothing in the Patriot Act benefits you nor me

It was never meant to benefit you, it was meant to hinder terrorists.
Osama Bin Laden was caught in part due to the Patriot Act (although I believe the powers the govt has far are fairly draconian with this act).

Hackersoft MS MVP said,

It was never meant to benefit you, it was meant to hinder terrorists.
Osama Bin Laden was caught in part due to the Patriot Act (although I believe the powers the govt has far are fairly draconian with this act).

And that doesn't benefit you?

If the EU cant get concessions from the US government at the very least about disclosure on when such data will be extracted. they should not shy away from banning cloud services from any US company that is subject to this. Really, its the only thing they can do if they want to have any hope of appearing to be in control of their own countries and their respective laws. Pretty sure the reverse would NEVER be allowed so the EU really has to take a tough stance. Otherwise we might as well call it Planet USA instead of Earth.

efjay said,
If the EU cant get concessions from the US government at the very least about disclosure on when such data will be extracted. they should not shy away from banning cloud services from any US company that is subject to this. Really, its the only thing they can do if they want to have any hope of appearing to be in control of their own countries and their respective laws. Pretty sure the reverse would NEVER be allowed so the EU really has to take a tough stance. Otherwise we might as well call it Planet USA instead of Earth.

EU, go and kick asses for me!

efjay said,
If the EU cant get concessions from the US government at the very least about disclosure on when such data will be extracted. they should not shy away from banning cloud services from any US company that is subject to this. Really, its the only thing they can do if they want to have any hope of appearing to be in control of their own countries and their respective laws. Pretty sure the reverse would NEVER be allowed so the EU really has to take a tough stance. Otherwise we might as well call it Planet USA instead of Earth.

efjay said,
If the EU cant get concessions from the US government at the very least about disclosure on when such data will be extracted. they should not shy away from banning cloud services from any US company that is subject to this. Really, its the only thing they can do if they want to have any hope of appearing to be in control of their own countries and their respective laws. Pretty sure the reverse would NEVER be allowed so the EU really has to take a tough stance. Otherwise we might as well call it Planet USA instead of Earth.

Would make great business sense for the EU as well. I can't see Microsoft, Google et al keeping their HQ in the US and ignoring such a large market as the EU. Move their HQ to the EU and then do business vice versa.

Unfortunately, some Americans are all too willing to give up a large amounts of freedom for a false sense of security. The Patriot Act was a terrible idea from the beginning, and this data issue is just minor thing compared to some of the other powers it gives our government.

selphj said,
Unfortunately, some Americans are all too willing to give up a large amounts of freedom for a false sense of security. The Patriot Act was a terrible idea from the beginning, and this data issue is just minor thing compared to some of the other powers it gives our government.

Agreed. And I'm an American. One of our own founding fathers (Benjamin Franklin) made this assessment: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

selphj said,
Unfortunately, some Americans are all too willing to give up a large amounts of freedom for a false sense of security. The Patriot Act was a terrible idea from the beginning, and this data issue is just minor thing compared to some of the other powers it gives our government.
Agree with this.

nubs said,

Agreed. And I'm an American. One of our own founding fathers (Benjamin Franklin) made this assessment: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

Man, I wish your founding fathers were still around. They did a SO much better job at running the US than just about anyone since!

FloatingFatMan said,

Man, I wish your founding fathers were still around. They did a SO much better job at running the US than just about anyone since!

They are all currently rolling in their graves in disgust and shame over the way the US is being run right now.

nubs said,

Agreed. And I'm an American. One of our own founding fathers (Benjamin Franklin) made this assessment: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
This quote is completely idiotic. Virtually all state power entails trading off liberty for security. That is the reason states exist in the first place. Wanna live in anarchist paradise? I hear Somalia's nice this time of year.

This isn't MS' fault, this is the USA's fault. They have to comply by the law of the US, and so does Google and Amazon.

MS is simply stating the situation as it is, if the EU wants it changed, they need to lobby the US to get it done.

Hercules said,
This isn't MS' fault, this is the USA's fault. They have to comply by the law of the US, and so does Google and Amazon.

MS is simply stating the situation as it is, if the EU wants it changed, they need to lobby the US to get it done.

but first they need lobbing money, so fine MS! *lol* j/k

Yeah, every US based company has to go by those rules. MS just stating a fact.

The US Government needs to stop having so much fear or using fear to come up with ridiculous polices.

Hercules said,
This isn't MS' fault, this is the USA's fault. They have to comply by the law of the US, and so does Google and Amazon.

MS is simply stating the situation as it is, if the EU wants it changed, they need to lobby the US to get it done.

Really? This is the price of the cloud...if you data can be anywhere, it is subject to the laws of any country in which your data resides. No different than the company having a foreign office with servers or even paper documents.

Such is the problem with distributed data models.

schubb2003 said,

Really? This is the price of the cloud...if you data can be anywhere, it is subject to the laws of any country in which your data resides. No different than the company having a foreign office with servers or even paper documents.

Such is the problem with distributed data models.


Not exactly.
European cloud data will be stored in the two European datacenters (in Dublin and The Netherlands, as far as I remember). MS claims that, regardless of where the data are stored, being a US company it falls under the patrioct act (and it would be the same for subsidiaries).

pdg said,

MS claims that, regardless of where the data are stored, being a US company it falls under the patrioct act (and it would be the same for subsidiaries).

This is, unfortunately, correct.

It was good of Microsoft to make the EU aware of this, but I hope the EU realizes that this applies to ALL cloud/web based services run by US companies, not just those from Microsoft.

pdg said,

Not exactly.
European cloud data will be stored in the two European datacenters (in Dublin and The Netherlands, as far as I remember). MS claims that, regardless of where the data are stored, being a US company it falls under the patrioct act (and it would be the same for subsidiaries).

Does the patriot act really apply to non-US subsidiaries of Microsoft? This would seem really unfair to me. A subsidiary is a serpent legal entity that may be incoroporated under the law of a different country. What right does the US have to force the board of directors of a non-US company to hand over data to a different sovereign state?

Assuming that Microsoft USA is the sole shareholder of Microsoft Ireland, then I guess Microsoft USA does have shareholder "reserve powers" to get data out, however this seems really far fetched and does it actually say in the patriot act that Microsoft has to exercise such reserve power on foreign subsidiaries??

Soldiers33 said,

+1 they think they own everything and everyone

This hasn't anything to do with what we want. It has to do with what actions need to be taken by Microsoft so that both sides (U.S. and E.U.) can agree as to how this Cloud crap should work as fair as security goes for both U.S. and E.U..

Pam14160 said,

This hasn't anything to do with what we want. It has to do with what actions need to be taken by Microsoft so that both sides (U.S. and E.U.) can agree as to how this Cloud crap should work as fair as security goes for both U.S. and E.U..

No, it's got nothing to do with Microsoft in specific, every Cloud hosting company is affected. The only thing MS did was bring the issue to light. As stated above, if data was requested by the Patriot Act it would have to be kept a secret.

Xerax said,
America needs to back-off.
Why? it's the EU who needs to back off! MS's cloud is based in America and thereby governed by US law and if the EU doesn't like it, build their own cloud service! The EU really needs to find something better to do then attack MS at every turn. That is my 2 cents, take with a grain of salt.

Xerxes said,
Why? it's the EU who needs to back off! MS's cloud is based in America and thereby governed by US law and if the EU doesn't like it, build their own cloud service! The EU really needs to find something better to do then attack MS at every turn. That is my 2 cents, take with a grain of salt.

I completely agree. The EU likes to try and stick MS with every chance they get.

Xerxes said,
Why? it's the EU who needs to back off! MS's cloud is based in America and thereby governed by US law and if the EU doesn't like it, build their own cloud service! The EU really needs to find something better to do then attack MS at every turn. That is my 2 cents, take with a grain of salt.
The fact they are based in the US doesn't hold water. If they cater to consumers within Europe then they have to comply with EU law.
As for attacking Microsoft, what they said could apply to any company complying with the misguided "patriots act" law.

Xerxes said,
Why? it's the EU who needs to back off! MS's cloud is based in America and thereby governed by US law and if the EU doesn't like it, build their own cloud service! The EU really needs to find something better to do then attack MS at every turn. That is my 2 cents, take with a grain of salt.

The EU isn't attacking MS, they're concerned about the issues that MS have raised and quite rightly so. As others have pointed out this effects any company that offers a cloud service with servers based in the US and the question about jurisdiction and data ownership need to be cleared up.

As Wikileaks recently found, it may not be such a good idea to host data on US-based servers if you're concerned about privacy and data protection.

EDIT: reading on I see that it's more complicated than just where the servers are based but applies to where the hosting company is based. That's even more problematic.