Another blow to privacy in the US - but certainly also affects us Europeans: According to the US Patriot Act and the Foreign Intelligence Surveillance Act (FISA) US authorities have access to absolutely all data from US companies. Regardless of whether this data is stored outside the US.
Customer confidence adé
This, of course, causes a lot of headaches for US tech companies. Why? First, such a possibility ruined consumer confidence. No one of us finds it particularly tingling when their own data are suddenly no longer safe ... Second, the companies come in a very impossible position in terms of international legislation. This means that the company in the legal system in which they operate, must also comply with its data protection laws.
Marathon process with Microsoft
Exactly the last issue came up when the US government demanded in a drug investigation, the release of e-mails that were stored on Microsoft servers in Ireland. Microsoft refused - and has since been in a protracted lawsuit with the US government. To date, this has lost the process, but went to appeal.
What is this Cloud Act?
The Cloud Act (Clarifying Lawful Overseas Use of Data (CLOUD) Act) aims to provide the US government with access to data stored abroad, in return for allowing foreign governments access to data stored in the United States. On the one hand, the Cloud Act should support the clarification of crimes and, on the other hand, make it easier to deal with the country-specific different privacy guidelines. For the US and its allies.
Microsoft is a fan
If there is no such agreement with a country and the requirement for data disclosure is pervaded by local privacy laws, tech companies can reject the request. That would be the headache in the case of Microsoft history. The company can fulfill requests in this way without breaking international laws. Clearly, Microsoft CEO Brad Smith celebrates and supports the Cloud Act. However, those who care about digital privacy should be very worried ...
Dangerous expansion of monitoring options
The Cloud Act explicitly provides the US Government and its law enforcement agencies with access to "content of wired or electronic communication and any record or other information" about a person, no matter where they live or where the data is stored in the world , Which brings us back to Europe.
Cloud Act ranks: "Qualified" governments simply come aboard
Actually, only the current situation is repeated here. Both the FISA and the USA Patriot Act require US companies to provide their data, regardless of location or owner. And that's what it was all about in the whole Microsoft fight - whether these laws give the US government the power to collect data. The Cloud Act definitely empowers them to do so. However, the question is still open as to whether non-US companies can be forced to publish data. To resolve this naturally controversial issue with foreign governments as smoothly as possible, the Cloud Act allows the president to enter into specific reciprocal agreements with "qualified" governments. These agreements would allow the US access to data stored there without following local privacy laws. However, such reciprocal agreements do not even stipulate that the country in which the data is stored must be informed if a company has to hand over locally stored data there.
Conclusion: Win-win situation for governments and businesses. And for us?
Overall, a very complex topic from the world of law that can have a big impact on our world. Of course, both the United States and its partner countries would benefit from the Cloud Act and its unlimited access to data outside its territory. And tech companies have the advantage that they no longer have to break international laws to hand over data. The big BUT comes to the conclusion: The Cloud Act is a massive power expansion of the government surveillance apparatus with much lower requirements and supervisory standards than currently established in the US, international and also mostly local jurisdictions. In short, for any civilian, the Cloud Act is a loss as digital privacy standards are further undermined. Maybe your home country is already in focus for a "mutual agreement" within the meaning of the Cloud Act. And where is your private data scattered all over the world? ... in fact, to think!