Organisations should be wary when entrusting their data to Cloud providers based in the U.S.
Microsoft, one of the first Cloud providers to come clean, have revealed that the U.S. authorities have the right to access any data stored by them, even if that data resides within the EU.
This isn’t the first time that the U.S. Patriot Act has come under fire. After the Act was passed 2001 because of Sept 11 terrorist attacks, students and staff from a Canadian university campaigned against their emails being routed through the States.
This will make firms more wary of utilising the new Microsoft roll-out as the software giant cannot guarantee data will not leave its place of origin.
In addition, Gordon Frazer CEO of Microsoft admitted that customers would only be informed “whenever possible” with respect to authorities extracting data.
Such an example is where the FBI has the ability to issue a ‘National Security Letter’ demanding a company’s data. Frazer stated that in this case he wouldn’t even be able to admit he had received such an order.
“In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service)” said Frazer.
The head of Independent State Centre for Data protection in the German state of Schleswig Holstein, Thilo Weichert claimed that the sharing of data outside of the EU conflicts with EU laws. He argues that at the very least under such a service agreement companies should have the opportunity to terminate contracts with immediate effect.
So in summary, the best recommendation would be to use service providers who can ensure your data will remain in Europe.