Cloud and the Patriot Act - the battle over data

Microsoft has confirmed what many of us had long suspected, EU data is not safe from the Patriot Act - good news for European providers.

Just how much harm will Microsoft’s admission that data held on its servers in Europe would be handed over to US authorities if the company was commanded to do so. Or perhaps the question should be: how are European companies going to benefit.

 US companies obligation under the US Patriot Act have been debated for some time – it was number one in Cloud Pro’s list of cloud pitfalls and my colleague Jon Honeyball was warning about this particular danger last year, while ZDNet's Zack Whittaker has been like a dog with a bone on the topic.

But as far as I know, no other US company has openly admitted that data stored by European companies in European data centres could be subject to Patriot Act requests so Gordon Frazer’s admission has created an interesting precedent – not least because of European Union’s strict laws on personnel data.  The first test case when a US government tries to copy details of German citizens’ personnel records without their consent will be an interesting one.

You don’t have to be drug dealer, a money launderer or a terrorist to start feeling twitchy about this. Foreign governments having access to personal details is an emotional issue

The immediate beneficiaries are going to be European cloud providers. The Microsoft admission has given them a cast-iron marketing :“Come with us, we’re guaranteed 100% European”  - even if that does make them sound like hamburger vendors.

The cloud industry is in a nascent state and there have already been a few hiccups along the way – Amazon outages, Gmail attacks etc – the last thing such a small, growing industry needs are US companies unwilling to ensure their customers that their data is safe.

Cloud providers need to draw up a code of conduct immediately saying what they will and won’t accede to the authorities. They will need to spell out their customers’ responsibilities and they will need to work with legal bodies this side of the pond.

And European cloud providers should start the marketing now – this is an open goal that even England forwards couldn’t miss.

Read more about: