IDG News reports on controversy over the USA Patriot Act in Europe:
Members of the European Parliament have demanded to know what lawmakers intend to do about the conflict between the European Union’s Data Protection Directive and the U.S. Patriot Act.
The issue has been raised following Microsoft’s admission last week that it may have to hand over European customers’ data on a new cloud service to U.S. authorities. The company may also be compelled by the Patriot Act to keep details of any such data transfer secret. This is directly contrary to the European directive, which states that organizations must inform users when they disclose personal information.
“Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?” asked Sophia In’t Veld, a member of the Parliament’s civil liberties committee. […]
Microsoft can already transfer E.U. data to the U.S. under the Safe Harbor agreement. But legal experts have warned that this agreement is hardly worth the paper it’s written on. There are seven principles of Safe Harbor, including reasonable data security, and clearly defined and effective enforcement. However all this is nullified if the Patriot Act is invoked. […]
“Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution, offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally,” [said Theo Bosboom, IT lawyer with Dirkzager Lawyers.]
The advice will come as a blow to the many cloud computing players registered in the U.S. including Microsoft, Facebook and Google. Microsoft’s new cloud service, which is due to be launched next week, will allocate geographic regions where customers’ data will be physically stored. But the computer giant could not guarantee that E.U. users’ information would not be disclosed: “In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft.”