Microsoft reveals European cloud data is vulnerable to U.S. Patriot Act

By Tom Warren, on 4th Jul 11 8:20 am with 8 Comments

European Cloud

Microsoft has admitted that European-based cloud data is not protected from the U.S. Patriot Act. The admission was made by Gordon Frazer, Microsoft UK’s managing director. Frazer made his remarks at an Office 365 launch in London last week. ZDNet captured Frazer’s comments during a QnA. One audience member asked whether “Microsoft could guarantee that EU-stored data, held in EU based datacenters, would not leave the European Economic Area under any circumstances – even under a request by the Patriot Act?” Frazer explained that Microsoft was unable to guarantee this and that customers would be informed wherever possible unless a court injunction prevented it. “Microsoft cannot provide those guarantees. Neither can any other company,” he said. Microsoft outlines its legal procedures for all of its online services in a detailed legal document on the company’s homepage:

“In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service).”

The ramifications of European data being subject to the U.S. Patriot Act will worry a number of companies based in Europe and question the security and privacy of the cloud.

Image Credit: Globalism Pictures (Flickr)

  • Quentin Calvez

    Wow, now that is huge. Having some of our company data hosted in Germany by Microsoft, we would expect it to be under German law, and not be made accessible to the US government…

    • GUEST

      Just look what data is stored where. It should become very clear what laws would apply.

  • S1lence

    I’m not US citizien and why should they have any access to my data???

  • Michiel Papp

    The problem is in the cloud. With the cloud growing with the minute it becommes quite unclear were legal border are drawn. Are the laws of the country’s the servers are in the correct ones? Is it the law of the country the company is from?

    The ligns will blurr and maybe it’s time to make a new sets of laws especially for these kind of things.

    I think company’s like facebook are more dangerous in that regard. If they fall under the patriot act (which they do) then all your info can just be thrown there for anyone to see. And it takes 1 corrupt person to draw up a few documents.

  • Anonymous

    Well it’s not that hard to fix this. Simply start a new company in Switzerland or the Caymans or something like that and move all the cloud business to that company.

    Even better, they could partner with Google, Yahoo and Facebook and buy a part og Greenland from Denmark and have all their servers there.

  • Lloyd

    Countries will need to draft their own laws to prevent Microsoft doing this or it’ll be game over for the Cloud. Microsoft may need to assist sovereign counties in this regard. As the owner of  Microsoft Partner Company I would not advise any of my customers to trust their data to the United States Government. Even people living in the United States, with good reason, don’t trust their own government. Those of us who live in countries outside the United States definitely don’t trust them.

  • Syrious

    Tom how did you manage to snap that photo of the EU cloud? ;P