Data of European citizens stored in cloud at risk from U.S. agencies, say Dutch researchers


Despite strong European privacy laws, Dutch legal experts have warned that cloud-based data originating in Europe could be acquired and reviewed by U.S. law enforcement and intelligence agencies under the Patriot Act. 

Although University of Amsterdam Institute for Information Law authors of a November 2012 paper have no evidence that the act has been used to extract European-based cloud-stored data,  they argue that America's controversial 2001 anti-terror legislation could theoretically be used by U.S. agencies to circumvent Europe's data protection laws.

Under the legal doctrine of "extra-territorial" jurisdiction, businesses, schools, and universities located outside the United States--including foreign governments--that use cloud services could be forced by U.S. law enforcement to transfer data to U.S. territory for inspection, paper authors say.

In addition, due to the fact that non-U.S. residents are not protected from unwarranted searches under the Fourth Amendment, the Dutch researchers say that this gives the U.S. government entities concerned the statutory power to gather data on a large scale about non-U.S. citizens located abroad.

According a CNET article, Microsoft U.K. Managing Director Gordon Frazer admitted that the company as a cloud service provider could not guarantee that European citizen data stored in EU-based data centers would not leave the European Union under any circumstances, including under a Patriot Act request. "Neither can any other company," Frazer added.

For more:
- download the paper, "Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act," by Joris Van Hoboken, Axel Arnbak and Nico Van Eijk from SSRN
read the CNET article 

Related Articles:
DOJ pen register and trap and trace surveillance sharply up
Senate Judiciary postpones stored communications privacy overhaul
More than 1M cellular records requested by law enforcement last year