EU Upset With Microsoft's Admission About Handing Over EU Cloud Data To U.S. Authorities

Members of the European Parliament demand to know what lawmakers intend to do about the conflict between the European Union's Data Protection Directive and the U.S. Patriot Act.The issue has been raised following Microsoft's admission last week that it may have to hand over European customers' data on a new cloud service to U.S. authorities. […]

Members of the European Parliament demand to know what lawmakers intend to do about the conflict between the European Union's Data Protection Directive and the U.S. Patriot Act.

The issue has been raised following Microsoft's admission last week that it may have to hand over European customers' data on a new cloud service to U.S. authorities. The company may also be compelled by the Patriot Act to keep details of any such data transfer secret, reports PC World.

This is directly contrary to the European directive, which states that organizations must inform users when they disclose personal information.

"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?" asked Sophia In't Veld, a member of the Parliament's civil liberties committee.

Commissioner Viviane Reding, who is responsible for data protection, has in the past seemed to welcome a privacy protection bill introduced by senators John Kerry, a Massachusetts Democrat, and John McCain, an Arizona Republican, as a possible solution. "I welcome a draft Bill of Rights just introduced in the U.S. Congress as a bipartisan initiative of Democrats and Republicans. The Commission also shares the main objective of the Bill: strengthening individuals' trust in new technologies through compatible standards," she said.

Microsoft can already transfer E.U. data to the U.S. under the Safe Harbor agreement. There are seven principles in the agreement, including reasonable data security, and clearly defined and effective enforcement. All of this is nullified if the Patriot Act is involved. Microsoft's new cloud service will allocate geographic regions where customers' data will be physically stored. The computer giant could not guarantee that E.U. users' information would not be disclosed: "In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft."

[Via: PC World]