Microsoft's data jurisdiction problems may have been resolved by new Trump law
3 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Microsoft has been involved in a long-running battle with the DoJ over access to data Microsoft held about a suspect which was stored overseas in Ireland. The DoJ wanted Microsoft to hand over the data directly on the delivery of a warrant, while Microsoft wanted the DoJ to request the data via international treaty arrangements from Ireland.
The case is currently in the Supreme Court, but a new law, just signed in this Friday, may have just made it obsolete.
The Cloud Act establishes a legal pathway for the US to form agreements with other nations that make it easier for law enforcement to collect data stored on foreign soil. This would mean countries would set up bilateral agreements to exchange user data on delivery of a warrant.
Microsoft is in support of the law, which they say finally provides legal clarity.
Microsoft’s president and chief legal officer, Brad Smith, said in a blog post that the Cloud Act is a “good compromise” that addresses law enforcement needs while also ensuring “appropriate protections for privacy and human rights.”
The door, however, would swing both ways, and Amnesty International and Human Rights Watch expressed concern that US companies would now be obligated to share data on US users with foreign governments without much vetting.
The ACLU writes:
No more U.S. government vetting of foreign countries’ requests for data
The very premise of the current CLOUD Act — the idea that countries can effectively be safe-listed as human-rights compliant, such that their individual data requests need no further human rights vetting — is wrong. The CLOUD Act requires the executive branch to certify each of these foreign governments as having “robust substantive and procedural protections for privacy and civil liberties” written into their domestic law. But many of the factors that must be considered provide merely a formalistic and even naïve measure of a government’s behavior.
In the case of countries certified by the executive branch, the CLOUD Act would not require the U.S. government to scrutinize data requests by the foreign governments — indeed, the bill would not even require notifying the U.S. government or a user regarding a request. The only line of defense would be technology companies, which hypothetically could refuse the request and refer it to the MLA process, but which may not have the resources, expertise, or even financial incentive to deny a foreign government request.
Read more on the ACLU’s objections here.
Republican Senator Orrin Hatch and lawmakers on both sides of the aisle, however, support the Cloud Act.
“The bill sets forth strict privacy, human rights, and rule of law standards that countries that enter into such agreements must meet,” Hatch said in a blog post. “It also contains provisions to ensure that consumers are protected by their nation’s own laws.”
Via WPAB.com
User forum
0 messages