European information stored in the cloud is subject to inspection by U.S. intelligence agencies, CBS news reports.
Despite Europe’s stringent data protection laws, the anti-terror Patriot Act has the ability and authority to get around those privacy laws and look at European citizens’ information.
Most cloud providers, and certainly the market leaders, fall within the U.S. jurisdiction either because they are U.S. companies or conduct systematic business in the U.S.,” Axel Arnbak, one of the authors of the research paper, told CBS News.
As CBS reports, “The Patriot Act, signed into law in 2001, granted some new powers to U.S. authorities, but it was mainly a ‘framework law’ that amended and strengthened a variety of older laws, such as the Foreign Intelligence Services Act (FISA) and the Electronic Communications Privacy Act (ECPA).”
“In particular, the Foreign Intelligence Surveillance Amendments (FISA) Act makes it easy for U.S. authorities to circumvent local government institutions and mandate direct and easy access to cloud data belonging to non-Americans living outside the U.S., with little or no transparency obligations for such practices — not even the number of actual requests,” he said.
This seems to be the case for requests targeted at both non-U.S. individuals and businesses.
Dutch vice-chair of the European Parliament’s civil liberties committee Sophie in’t Veld told CBS News that “the European Commission’s proposals for new data protection rules will not solve the potential conflicts posed by third country law.”
CBS also reports that “Information security, privacy and data protection lawyer BryanCunningham, who worked under both democratic and republican administrations, most recently as deputy legal advisor to former U.S. National Security Advisor Condoleezza Rice under President George W. Bush, told CBS News that this ‘important report’ should ‘help correct a widespread post-9/11 misconception,’ that the Patriot Act and related legislation, ‘provided vast new powers for the U.S. government to gain access to sensitive communications and data of non-U.S. persons.’”