Feeds

EU cloud data can be secretly accessed by US authorities

US-owned companies bound by Patriot Act, says Microsoft

Secure remote control for conventional and virtual desktops

Personal information belonging to EU users of US-owned cloud-based services could be shared with US law enforcers without the user being informed, Microsoft has said.

The software giant said it could not guarantee that it would not have to hand over EU customers' data on a new cloud service it has developed whilst keeping details of the data transfer secret.

Cloud services allow internet users to store data online instead of locally.

EU data protection laws state that organisations must tell people when they are asked to disclose their personal information.

These EU provisions might conflict with obligations US-based firms, such as Microsoft, face under US law.

The USA Patriot Act gives law enforcement authorities the right to access personal data held by US-based companies, regardless of where it is stored in the world. The Act also gives law enforcers the right to prevent firms informing the customer that they have had to hand over the information. The controversial law was established as an anti-terrorism tool.

Microsoft is set to launch a new cloud service next week. It said it will allocate its customers a region where their information will be physically stored, but said it could not guarantee that it would tell EU customers' details if US authorities sought access to their data.

"In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service)," Microsoft said in its online data storage services' privacy policy.

"As a general rule, customer data will not be transferred to data centers outside that region," Microsoft said in an explanation about geographic boundaries for its new service.

"There are, however, some limited circumstances where customer data might be accessed by Microsoft personnel or subcontractors from outside the specified region (eg, for technical support, troubleshooting, or in response to a valid legal subpoena)," the explanation said.

The USA Patriot Act caused controversy in Canada in 2008 when a Canadian university told its staff and students not to send private data over an email system.

The system was outsourced to the US, prompting staff to lodge an official grievance against the university.

Staff complained that the fact that their emails are routed through the US meant their contents were vulnerable to interception by US authorities.

Microsoft can already transfer personal data from Europe to the US under a special agreement drawn up by the European Commission and US Department of Commerce.

The Safe Harbor scheme allows US companies that meet the requirements of the EU's Data Protection Directive to transfer EU data to the US.

EU companies are generally prohibited from transferring personal data to countries outside the European Economic Area unless there is adequate protection for that data.

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.