European Parliament members are up in arms after a recent admission by Microsoft that they may be required by the Patriot Act to secretly give U.S. authorities access to European data stored in Microsoft's cloud. The controversy stems from the EU's Data Protection Directive, which dictates that companies must notify users if/when their data is handed over to another party. If Microsoft is forced to follow Patriot Act guidelines, then that would mean the U.S. law would trump European law. Some parliamentarians have taken up the cause to prevent that from happening.
Sophia In't Veld, a member of the Parliament's civil liberties committee, urged her colleagues to consider the matter:
"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?"
Currently, the Safe Harbor act, which allows companies like Microsoft to transfer data from European storage facilities guarantees users reasonable security and enforcement. However, if the Patriot Act is allowed supersede that, then it renders that guarantee useless. Theo Bosboom, IT lawyer with Dirkzager Lawyers, had this to say:
"I'm afraid that Safe Harbor has very little value anymore, since it came out that it might be possible that U.S. companies that offer to keep data in a European cloud are still obliged to allow the U.S. government access to these data on basis of the Patriot Act..."
The struggle for data protection extends beyond the issue of sovereignty of state. Should the matter remain as is, it opens the floodgates for other companies' data to be secretly put in the hands of U.S. officials. Google, Facebook, Twitter, etc. could all be affected. European Parliament members have taken up the cause for their constituents, but until it is fully resolved, Bosboom says that, "Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution, offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."