The US Patriot Act has struck fear into European users but
don't forget that our authorities have powers too. The USA
Patriot Act probably ranks alongside Sarbanes-Oxley in terms of
recognition and fear of US legislation outside the US. It is widely
known that this is the means by which the FBI can get access to
confidential data and the reason that some UK businesses may be
holding back from cloud adoption, preferring an on-premise
solution. But are they right to fear the Patriot Act?
The EU data protection regime prevents the transfer of data
outside the European Economic Area to a country with inadequate
data protection laws, unless the recipient will provide
adequate protection. The European Commission keeps a list of safe
countries. Canada and Switzerland are on this list and so is the
EU-US negotiated self-regulated Safe Harbor. Most of the large US
cloud providers have signed up to the Safe Harbor principles which
allow them to transfer data from the EU to the US. The EU
Commission is proposing to extend data protection in its proposed
new data protection regulation by stating that it applies to EU
data held outside the EU.
The USA Patriot Act was passed shortly after the atrocities of
11 September and served to revise and consolidate counter-terrorism
laws. This includes sweeping surveillance and search powers without
the need for a court order. The American Civil Liberties Union has
challenged the issue of "National Security Letters", which
allow the FBI to collect information and to prevent anyone
receiving a letter from publicising it. While they have had some
success, the Act remains in force.
Impact outside the US
Keeping data in the EU is not enough. In June 2011, the managing
director of Microsoft UK admitted that it would comply with the
Patriot Act as its headquarters are based in the US. While it would
try to inform its customers before this happens, it would not
guarantee this. This means that if you do business with a UK
subsidiary of a US-based cloud operator and you specify that
English law applies and you choose a UK-based data centre operating
under EU data protection laws, the FBI can still get access to your
data. While this had already been suspected, this was the first
clear affirmation and is true for any US-based cloud provider.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.