European Commission intervenes in Microsoft Irish data centre spat
Files brief to make sure US ‘correctly understands’ EU data protection law
The European Commission has stepped into the ongoing battle between Microsoft and the US government to make sure European laws are “correctly understood”.
The case, which kicked off in 2014, saw the US Department of Justice take Microsoft to court over the firm’s refusal to hand over emails held on servers in Ireland.
The government argued that Microsoft should comply with the warrant, under section 2703 of the Stored Communications Act, but the biz countered that search warrants couldn’t reach beyond US borders.
The Commission has now decided to add its voice to the debate, revealing today that it has submitted advisory material to the court on behalf of the European Union.
This is known as an amicus brief, documents filed by non-litigants that aim to give the court additional information that is relevant to the case.
The body said it had chosen to submit the brief because the transfer of personal data from the EU to the US - the issue at the heart of the case - falls under EU data protection.
“The Commission considered it to be in the interest of the EU to make sure that EU data protection rules on international transfers are correctly understood and taken into account by the US Supreme Court,” it said in a statement.
However, in its brief for the appeal case, filed yesterday (PDF), the DoJ repeated its argument that Microsoft could comply with the warrant “by undertaking acts entirely within the United States”.
It also said that Microsoft “has never stated that it would be subject to liability under the laws of Ireland or the European Union for disclosing in the United States any communications stored at its Dublin datacenter”.
The DoJ added that, “if an actual conflict of laws were to arise, our judicial system is equipped to handle that scenario. The government could exercise discretion to pursue alternate channels, where available.”
Elsewhere in the brief the DoJ noted that a court of appeals judgment (when the DoJ was denied the right to appeal) said that the Stored Communications Act focused on user privacy.
But, it argued, any invasion of privacy “occurs only when Microsoft discloses the communications to a third party”, which would happen in the US, “not in the foreign country or countries where Microsoft may decide to store the user’s emails at any given moment”.
It said that the firm “does not invade a user’s privacy” by transferring data from servers in Ireland to the US, “just as Microsoft was not restricted from migrating the specified account from the United States to Ireland in the first instance”.
The Commission said that its amicus brief “will not be in support of either one of the parties”.
Sponsored: Becoming a Pragmatic Security Leader