CLOUD Act: the US introduces a law on seizing data stored abroad

#Regulation 04.03.2018 Last update: 10.23.2020

The new legislation could have gone unnoticed – inserted into the middle of the 2232-page American finance law passed by Congress and signed by Donald Trump on March 23, 2018. Yet, while the CLOUD Act has been welcomed by major IT players like Microsoft, it has caused concern for civil liberties associations, who are worried about the impact on our privacy.

The CLOUD Act (Clarifying Lawful Overseas Use of Data) governs the seizure of emails stored outside the United States by American government agencies or police departments. The new regulations passed by Congress clarify the rules on the mandates afforded to US authorities beyond their borders when it comes to data hosted in data centers belonging to US companies abroad.

Microsoft vs. the United States Government

The vote on the CLOUD Act was largely brought on by the dispute between Microsoft and US authorities. In 2013, the Justice Department ordered the technology giant to reveal the content of emails relating to someone implicated in a drug trafficking investigation. Microsoft refused to do so, on the grounds that the data was stored in Ireland and the US government had no jurisdiction in other countries.

The new law is good news for several tech giants. “The CLOUD Act ensures appropriate protections for privacy and human rights. And it gives tech companies like Microsoft the ability to stand up for the privacy rights of our customers around the world,” announced Brad Smith, Chief Legal Officer for Microsoft.

A threat to our privacy?

Those seeking to uphold our right to privacy take a different view. Associations including the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) believe the law to be an attack on our freedom. “Some technology companies have suggested that the CLOUD Act represents notable progress to protect consumers’ rights. We disagree. We believe the CLOUD Act undermines privacy and other human rights, as well as important democratic safeguards,” the ACLU explained in a letter.

“Congress has a professional responsibility to listen to the American people’s concerns […] and this week, they failed. Because of this failure, U.S. and foreign police will have new mechanisms to seize data across the globe. Because of this failure, your private emails, your online chats, your Facebook, Google, Flickr photos, your Snapchat videos, your private lives online, your moments shared digitally between only those you trust, will be open to foreign law enforcement without a warrant and with few restrictions on using and sharing your information,” said the EFF, expressing its concerns.

Making the right choice on storing your data

This case once again raises the debate on how best to protect your personal data, not to mention the issue of where that data is stored. American service providers do not offer the same security guarantees as those offered by European providers such as Oodrive. To address sovereignty and security issues, and to comply with the legislation in force, Oodrive stores its customers’ data in Europe. With ISO 27001:2013, RGS***, Cloud Confidence, and France Cybersecurity certifications, confidentiality is guaranteed.