Conflict of Laws: Data Protection in the Cloud

Grazed from Jurist.org.  Author: Jason Kellam.

In a recent proceeding before the US Court, Microsoft was ordered to turn-over email belonging to a user of its hosted mail service. That email belonged to a user outside the US. The email itself was located on a server in a data center in Ireland—outside the US, which should be out of the reach of US authorities and subject to the requirements of the EU privacy laws. Microsoft challenged the order and lost.

They argued that the court lacked jurisdiction over this particular data as it was stored outside the US, and therefore it was not subject to disclosure. They were wrong.  On April 25, 2014, Magistrate Judge James C. Francis of the Southern District of New York issued a memorandum and order upholding a subpoena ordering Microsoft to turn-over information held on a server in a datacenter in Ireland…


Microsoft had contested the subpoena and argued that courts in the United States do not have jurisdiction and therefore are not authorized to issue a warrant for an "extraterritorial search and seizure." Relying upon the Stored Communications Act (the "SCA"), passed as part of the Electronic Communications Privacy Act of 1986 (the "ECPA") and codified at 18 U.S.C. § 2701-2712, the judge found that, even when applied to information that is stored in servers abroad, an SCA warrant does not violate the presumption against extraterritorial application of American law and therefore denied Microsoft’s motion to quash the subpoena…

Read more from the source @ http://jurist.org/hotline/2014/08/ben-weinberger-cloud-data-protection.php