Tuesday, 28 June 2011

Patriot Act applies to cloud data in EU, shock horror.....

A couple of weeks ago I blogged about why concerns about privacy and security shouldn't be any more of a factor when looking at Google as a cloud provider than any other. One of the criticisms often leveled at them (and those of us who've put our services with them) is that they will not guarantee that our data is held in the EU, but that it is in the US as well. In that post, I said that the Patriot Act was a red herring. It  applies just as much to data held in the EU by US companies, but it's been quite difficult to convince people of this. I hope that this admission by Microsoft (which is about time - it's been well known for ages) that the Patriot Act applies to data held by them in the EU goes some way to getting it accepted!

3 comments:

Glen Stephens said...

So... err the criticism was correct then? Why not go for an EU company?

Chris Sexton said...

Hi Glen

One simple answer I suppose - there isn't one!

But the point I was making is that Google have always been open about the data being in the US and EU, and that it makes no difference if they put it all in the EU, as it would still be subject to the Patriot Act. Microsoft have made a big play about their data being only in the EU, and have implied that it protects it from the Patriot Act. We've known that it clearly doesn't, and at last it's been admitted.

Dave Berry said...

We've just finished an evaluation of Microsoft's Live@edu / Office365 system and they were completely open that data held with them would be subject to the Patriot Act. They did emphasise that the data would be held in the EU, but this was in relation to the Data Protection Act - presumably they saw this as a selling point to some of their customers.