U.S. extraterritorial data warrants: yet another reason for swift Data Protection reform, says EU Commission
This post was written by Kate Brimsted.
In May, we reported that a U.S. magistrate judge had upheld a warrant requiring Microsoft to disclose emails held on servers in Ireland to the U.S. authorities. The ruling has now attracted the attention of Brussels, with the Vice-President of the European Commission, Viviane Reding, voicing her concern.
Microsoft had argued before the court that the warrant, which was issued under the Stored Communications Act, should be quashed. This was because it amounted to an extraterritorial warrant, which U.S. courts were not authorised to issue under the Act. In summary, the court ruled that the warrant should be upheld, noting that otherwise the U.S. government would have to rely on the “slow and laborious” procedure under the Mutual Legal Assistance Treaty, which would place a “substantial” burden on the government.
In a letter to Sophie in’t Veld, a Dutch MEP, Ms Reding noted that the U.S. decision “bypasses existing formal procedures”, and that the Commission is concerned that the extraterritorial application of foreign laws may “be in breach of international law”. In light of this, Ms Reding states that requests should not be directly addressed to companies, and that existing formal channels such as the Mutual Legal Assistance Treaty should be used in order to avoid companies being “caught in the middle” of a conflict of laws. She also advocates that the EU institutions should work towards the swift adoption of the EU data protection reform. Ms Reding further reported that the Council of Ministers has agreed with the principle reflected by the proposed Regulation – and consistent with the recent Google Spain decision – that “EU rules should apply to all companies, even those not established in the EU (territorial scope), whenever they handle personal data of individuals in the EU”.