A European Commission spokesperson told eWEEK that the body is extremely concerned about a court decision in New York that orders Microsoft to turn over the contents of email contained on a server in Ireland to federal prosecutors.
That decision would appear to place Microsoft in direct violation of Irish and European Union data protection laws. Federal Judge Loretta Preska said in her July 31 decision that the location of the data doesn’t matter, but what matters is where the data is controlled.
The European Union would differ on that view, it appears. In interviews with eWEEK, officials with the Irish government and the European Commission say that it’s against their laws for Microsoft to divulge such data, regardless of any U.S. warrant. Microsoft has said that doing so would cause serious harm to U.S. companies and that it doesn’t believe the warrant in question is constitutional.
A spokesperson for the European Commission (the EC is the executive branch of the European Union) told eWEEK in an email that the commission has already raised its concern about this case with the U.S. government on several occasions. The spokesperson noted that one of the reasons that the EU and the United States have a mutual assistance treaty is to avoid problems such as these.
The spokesperson, who was not authorized to discuss the case publicly, offered comments on the condition of anonymity.
“The case is an example of the complex legal issues faced by companies operating on both sides of the Atlantic,” the spokesperson told eWEEK. “The commission has raised this issue with the U.S. government on a number of occasions. The commission remains of the view that where governments need to request personal data held by private companies and located in the EU, requests should not be directly addressed to the companies but should proceed via agreed formal channels of cooperation between public authorities, such as the mutual legal assistance agreements.”
The United States and the EU have negotiated treaties that are called “Mutual Assistance Agreements” that govern how evidence in one nation is provided to the other. Normally, what happens is that the prosecutor or other entity seeking evidence submits a formal request through the channels agreed on in the treaty and the evidence is then provided. The request for evidence can be denied in some situations, but normally, it’s subject to the same controls as other international agreements.
In the Microsoft case, prosecutors wanted the contents of the email stored overseas, but didn’t want to follow the established procedures. According to testimony in hearings on July 31, the prosecutor feels that the process is “cumbersome” and wouldn’t produce the evidence as quickly as they wanted it.
European Union Expresses Concern About Microsoft Email Privacy Case
The prosecutor also didn’t want to use another process, which was to issue a subpoena, because the subject of the search might find out about it.
A U.S. District Court magistrate authorized the warrant, and Microsoft went to court to try to quash the warrant. But, on July 31, Judge Preska upheld the warrant but stayed her order so that Microsoft could appeal.
The EU, however, feels that such agreements should be honored. “In the context of the negotiations on the umbrella agreement on data protection in the area of law enforcement and judicial cooperation, the commission has asked the U.S. to undertake commitments in that regard in order to avoid these potential conflicts of laws,” the spokesperson told eWEEK in an email response.
eWEEK contacted the U.S. Department of Justice to see if there was a better explanation as to why the prosecutor was determined to enforce the warrant despite the existing treaty procedure between the United States and EU. “We’ll reserve any comment for court,” spokesperson Peter Carr told eWEEK when asked for a comment.
Meanwhile, the EC is keeping tabs on the activities in the federal courts as Microsoft appeals the July ruling. “The commission will carefully assess this judgment and any future development of this case in view of possible implications for the ongoing negotiations with the U.S.,” the EC spokesperson told eWEEK.
Those negotiations are going on with the U.S. Department of State. However, the State Department has not issued a comment on the case in response to eWEEK’s inquiries.
The European Union is further strengthening its privacy protections, partially in response to challenges such as the recent court decision. Specifically, new reforms to European privacy laws will protect data in the EU, even when the company holding the data isn’t based in Europe.
“The proposed reform of EU data protection rules will ensure that EU rules apply to all companies, even those not established in the EU, whenever they handle personal data of individuals in the EU. This principle has received strong backing, both from the European Parliament and member states,” the EC spokesperson told eWEEK.
Because of the comparative strength of European privacy laws versus those in the United States, American companies are at a growing disadvantage when competing internationally.
If Microsoft loses this case, it’s a safe bet that non-U.S. companies are going to decline to use Microsoft or any other U.S. company as a safe place to store their data. After all, if international law and treaties can be ignored with impunity, they’d be crazy to risk it.