Microsoft has cited new European data protection rules in support of its claim that the U.S. government should use inter-governmental agreements rather than a warrant to force the technology company to provide emails stored in Ireland that are required for an investigation. The General Data Protection Regulation was adopted last week by the European Parliament with an aim to provide an unified data protection regime across member states. It was earlier adopted by the Council of the EU, and is to come into effect in a little over two years after its publication in the EU Official Journal. The legislation will replace the EU Data Protection Directive, which dates back to 1995. In a filing in the U.S. Court of Appeals for the Second Circuit, Microsoft's lawyer E. Joshua Rosenkranz referred to Article 48 of the regulation, which states that any "judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty....." This rule sits well with Microsoft's own position in the dispute.
A federal appeals court in New York has ruled that Microsoft and other tech companies do not have to turn emails stored on servers overseas over to the U.S. government, in what is seen as a landmark privacy case. The company had challenged a Department of Justice warrant seeking access to emails believed to be related to a drug-trafficking case, which were held on a Microsoft server in Dublin. An earlier ruling at the district-court level required the U.S. software giant to hand over the emails, according to Reuters. The case is considered important by privacy advocates and companies that offer cloud-computing services around the world. Microsoft had warned that allowing access to emails on overseas servers could usher in a "free for all" in terms of access to people's private information, as other countries could similarly demand access to data in the U.S., the BBC reports.
WASHINGTON (Reuters) - Legislation that would require law enforcement to obtain a search warrant before asking technology companies to hand over dated emails unanimously moved forward in the U.S. House of Representatives on Wednesday, although its prospects for becoming law this year remain uncertain. The House Judiciary Committee voted 28-0 to approve the Email Privacy Act, which would update a decades-old federal law to require federal authorities obtain a search warrant to access emails or other digital communications that are more than 180 days old. Currently, law enforcement and civil agencies can ask a service provider to turn over such aged private communications with only a subpoena, which is subject to less judicial oversight than a warrant.
A new bill in Congress would require U.S. law enforcement agencies to obtain court-ordered warrants before demanding the emails of the country's residents when they are stored overseas. The International Communications Privacy Act, introduced Wednesday by three senators, would close a loophole that allows law enforcement agencies to request emails and other electronic documents without warrants. Congress has been working since 2010 to rework the 1986 Electronic Communications Privacy Act (ECPA), a law that sets down rules for law enforcement access to electronic communications, but the focus has been on requiring warrants for emails and other communications stored in the cloud for longer than 180 days. Congress, however, should also protect privacy for emails stored overseas, given that customer data can be stored anywhere in the world, said Senator Orrin Hatch, a Utah Republican and lead sponsor of the new bill. "We need also to recognize the critical importance of data privacy on an international scale," he said Thursday.
WASHINGTON – The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp over whether prosecutors should get access to emails stored on company servers overseas. The justices will hear the Trump administration's appeal of a lower court's ruling last year preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin in a drug trafficking investigation. That decision by the New York-based 2nd U.S. Court of Appeals marked a victory for privacy advocates and technology companies that increasingly offer cloud computing services in which data are stored remotely. Prosecutors say a ruling in favor of Microsoft could undermine a range of criminal investigations. Microsoft, which has 100 data centers in 40 countries, was the first U.S. company to challenge a domestic search warrant seeking data held outside the country.