July 05, 2011, 12:28 PM —
Members of the European Parliament have demanded to know what lawmakers intend to do about the conflict between the European Union's Data Protection Directive and the U.S. Patriot Act.
The issue has been raised following Microsoft's admission last week that it may have to hand over European customers' data on a new cloud service to U.S. authorities. The company may also be compelled by the Patriot Act to keep details of any such data transfer secret. This is directly contrary to the European directive, which states that organizations must inform users when they disclose personal information.
"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?" asked Sophia In't Veld, a member of the Parliament's civil liberties committee.
There are specific exceptions for 'national security' in both the European directive and each country's implementation (e.g., the Data Protection Act in the U.K.). So all the U.S. needs to do is find a shill (the U.K. government would be my guess at their first choice) who will declare that they need to export 'this' data as a matter of 'national security' (honest!) and Microsoft and in the clear and the U.S. get what they want.
Commissioner Viviane Reding, who is responsible for data protection, has in the past seemed to welcome a privacy protection bill introduced by senators John Kerry, a Massachusetts Democrat, and John McCain, an Arizona Republican, as a possible solution. "I welcome a draft Bill of Rights just introduced in the U.S. Congress as a bipartisan initiative of Democrats and Republicans. The Commission also shares the main objective of the Bill: strengthening individuals' trust in new technologies through compatible standards," she said.