Members of the European Parliament are now up at arms. They demand to know what will be done about a conflict between the U.S. Patriot Act and the European Union's Data Protection Directive. The issue came up after Microsoft admitted last week that it may have to hand over Europeans' customer data on a new cloud service to U.S. authorities. The company may also be compelled by the Patriot Act to keep details of any such data transfer secret, according to PC World. This is contrary to the European directive, which states that organizations must inform users when they disclose personal information.
"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?" asked Sophia In't Veld, a member of the Parliament's Civil Liberties Committee.
Microsoft can already transfer E.U. data to the U.S. under the Safe Harbor agreement. There are seven principles in the agreement, including reasonable data security, and clearly defined and effective enforcement. All of this is nullified if the Patriot Act is involved. Microsoft's new cloud service will allocate geographic regions where customers' data will be physically stored. The computer giant could not guarantee that E.U. users' information would not be disclosed: "In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft."