After Microsoft, Google has become the latest U.S. Company to admit that it handed over to U.S. Intelligence, data stored in its European data center, thereby, once again exposing the vulnerabilities of the European cloud, courtesy the USA Patriot Act.
Softpedia posted that according to a German magazine WirtschaftsWoche, [Google translate], the search engine giant confirmed that even Google’s servers in Europe have no protection from the Patriot Act. A Google spokesperson confirmed that the company has complied with requests from US intelligence agencies for data stored in its European data centers.
Google handed EU data to U.S. law enforcement agencies, by using the Safe Harbor framework to transport data across the Atlantic.
The USA Patriot Act states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries, if requested. Moreover, they can be compelled to be private about it in order to avoid exposing active investigations and alerting those targeted by the probes.
This places multinational companies like Google, Microsoft or Amazon, which offer cloud services around the world, in a dilemma because their subsidiaries must also adhere to local laws.
To quote, European Union legislation requires companies to protect the personal information of EU citizens and, clearly, U.S. Companies cannot follow these regulations.
A few weeks ago, Microsoft’s U.K. managing director, Gordon Frazer admitted that Microsoft can be forced to share data with the U.S. government regardless of where it is hosted in the world. “Any data which is housed, stored or processed by a company, which is a U.S. based company or is a wholly owned subsidiary of a U.S. parent company, is vulnerable to interception and inspection by U.S. Authorities,” he said.
Following Frazer’s admission, the European Parliament, cited these issues in the Civil Liberties and Justice Committee and demanded an explanation from U.S. Authorities asking why EU data was not safe from U.S. Inspection; sparking a diplomatic outrage between the two continents.
The European Union has been demanding that changes be implemented in the way data is sent to the United States from Europe amid conflicts between European Data Laws and the USA Patriot Act.
This disclosure from Google is likely to spark an official inquiry from the European Commission after it resumes post the summer break. Though an easy solution seems unlikely it can be foreseen that the European Union will not take things lying down and the U.S. companies might have to bear the brunt of the stranglehold, though things are also not going to be easy for European companies and government agencies which are using their services.
The USA Patriot Act was signed into law in 2001. The act, a response to the terrorist attacks of September 11, 2001, dramatically reduced restrictions on law enforcement agencies’ ability to search telephone, email communications, medical, financial and other records and eased restrictions on foreign intelligence gathering within the United States among other things.