Appeals Court Rules That U.S. Can’t Compel Companies To Turn Over Data Stored In Another Country

By Lucian Armasu
published

Two years ago, a U.S. court ruled that Microsoft had to turn over a customer’s email data stored on a server in Ireland. Microsoft appealed the ruling, believing that the U.S. government and courts have no jurisdiction over data stored in another country. The 2nd U.S. Circuit Court of Appeals in New York agreed with Microsoft and ruled that the warrant to obtain access to the email data stored on the Irish servers was invalid.

Microsoft feared that if the previous ruling stayed in effect, the U.S. government wouldn’t be the only one to take advantage of it. The company thought other national governments could also try to compel Microsoft, and other companies, to give them access to data stored on U.S. servers, as well.

Microsoft was the first company to challenge such an order, but almost 100 other companies and organizations filed amicus briefs in support of Microsoft, including Verizon and Apple. The EFF and ACLU also joined in. 

Microsoft recently started a new lawsuit against the U.S. government over an increasingly higher number of secret data requests that it serves with no judicial approval. It appears the company is taking more interest in protecting the data of its customers, whether it’s other companies or individual users, as it puts more emphasis on its cloud business.

The new ruling states that the U.S. government can’t access a user's data that is stored by a service company if it stores the data outside of the U.S. However, with the EU-U.S. Privacy Shield agreement going into effect, some companies may choose to transfer the data from the EU back to the U.S.

That’s when the U.S. government could have full jurisdiction over the data once again. Therefore, it will be up to American companies to keep the data of foreigners as isolated as possible from U.S. servers if they want to avoid data request orders from the U.S. government (whether secret or otherwise). When necessary, the U.S. government can still work through the international law enforcement channels to request a foreigners' data by collaborating with the local governments.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
Topics
Security
4 Comments Comment from the forums
  • Mark RM
    It's basically up to us to protect our own data... encryption everywhere, make their lives miserable.
    Reply
  • Math Geek
    this case was about emails stored on a server overseas. nothing you can about that unless you ensure every single message anyone sends you or oyu send is an encrypted document or something. same goes with all the data companies are collecting on you. you have no control over how that is stored, transmitted or sold about.

    this is what the gov loves to get their hands on and what MS was told to hand over. at least they won the first appeal. maybe it'll make it to the SCOTUS and we can get a better ruling for the whole country :)
    Reply
  • tsnor
    A win for data privacy. Now if only the US govt (my govt) protects its citizen data in the US the same way. Or just said there is no protection and used the data. This mirky secret use of the data is not right.
    Reply
  • manleysteele
    Unless and until each persons trees each and every one of their own congressional and senatorial candidates with a demand for privacy protection here in the US nothing is going to change. The courts have proven that they won't help.
    Reply