- About Us
In this blog, Annemarie Braams, Senior Legal Council at iWelcome, analyses the Cloud Act and shares her critical insights on what this new law means for handling customer data.
On 23rd March 2018, US President Trump signed the “Clarifying Overseas Use of Data Act” (or: Cloud Act), indirectly putting an end to the “Microsoft Case” in the US Supreme Court. This case centered around the question whether or not the US government had the authority to force US-based service providers to hand over data even if the data was located outside of the United States (in the Microsoft case the data resided on servers in Ireland). Where the US government was adamant they had this right, Microsoft stated this was not the case as there was no clear law to justify the position of the government.
The Cloud Act now clearly states the right of the US government (after obtaining a warrant) to force US-based companies to turn over data even if the data is stored outside of the United States and that service providers must comply!
Many US tech companies have issued statements that they are happy with the Cloud Act as it provides clarity concerning the rights of the US government and – as Microsoft President Brad Smith states – “preserves the right of cloud service providers to protect privacy rights”.
However, many privacy lawyers and groups are worried about the consequences of the Cloud Act and the effect it will have on personal privacy.
Although the Cloud Act gives companies certain means to challenge a request to hand over (personal) data, the grounds and chances of a successful challenge are very limited.
Let’s take a closer look at these grounds which both need to be affirmative:
Apart from the fact that there are no foreign governments yet to meet the term “qualifying foreign governments”, the main problems here are:
The majority of privacy specialists in the field currently still have concerns regarding this issue. As the final judgement is still fresh however, the exact consequences the Cloud Act shall have in relation to the protection of personal data remain to be seen. And as we all know, changes in the field of privacy are taking place frequently, so we at iWelcome will keep following these developments for you and keep you up to date.
Feel free to repost this blog on your website or social channels! But when you do so, please be so kind to mention the source and give us a notice via email@example.com.