By Lucian Constantin
Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws.
Gordon Frazer, Microsoft UK’s managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world.
At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested.
Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alert those targeted by the probes.
This situation poses a serious problem for companies like Microsoft, Google or Amazon, which offer cloud services around the world, because their subsidiaries must also respect local laws.
For example, European Union legislation requires companies to protect the personal information of EU citizens and this is clearly not something that Microsoft, Google, Amazon, or any of their EU customers can do.
The situation is likely to spark an official inquiry from the European Commission, with some members of the European Parliament already reacting to the stories. It’s hard to foresee what kind of solution can be found at this point, but one thing’s clear – US-based cloud providers operating in EU can be forced to break the law. European companies and government agencies that are using their services are also in a tough position.