The Microsoft ruling: Mending EU-US digital relations

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of EURACTIV.com PLC.

Facebook Data Center Server Board

Data centre server motherboard. [Intel Free Press/Flickr]

Microsoft’s successful appeal against a US Department of Justice request to access emails stored on its foreign servers marks an important milestone for international consumer privacy and the tech community, writes Brian Stafford.

Brian Stafford is CEO of Diligent, a US-based company seen as a pioneer in secure online executive collaboration.

It’s not every day that a ruling delivered by a United States circuit court of appeals eases the minds of European citizens, but such an event occurred on Thursday July 14, 2016.

The court ruled in favour of Microsoft in an appeal against the United States Justice Department, quashing the department’s claim that it has the right to demand access to data on a Microsoft server in Ireland through the use of a search warrant.

The court found that Microsoft had “the stronger argument” in the case, stating that US courts did not have the right to seize customer email content stored exclusively on foreign servers.

While obviously an important ruling for the cause of international consumer privacy concerns, the tech community is also lauding this decision due to the implications it has for international business relations. This ruling should alleviate concerns of corporate data security across the EU, as businesses no longer need to worry about data privacy from the US government.

The US houses a majority of the largest and most well-known companies in cloud data storage and software-as-a-service, so the precedent set by this ruling provides a more secure platform for Europe’s enterprise to do business with the major cloud vendors in the US. They can rest easy knowing that the US government does not have access to their most sensitive data and has no sovereignty over it simply because the company that owns the servers is based in America.

This ruling marks a rare moment of calm in an otherwise tumultuous time for digital relations between the US and EU, as enterprises on each side of the Atlantic have found themselves at odds with the other’s data storage and privacy policies. The EU continues to see the rise and fall of data privacy policies like Safe Harbor and the EU-US Privacy Shield. US companies with European customers find themselves under the ticking clock of the EU’s General Data Protection Regulation.

2016 so far has been a veritable tug-of-war for the digital standards of corporate governance, and it is refreshing for executives to know that they can rely on US-based platforms for the protection of their data in Europe as the alternatives can be significantly less secure.

When sending PDFs over email or storing them on local devices, there is no assurance that the data is protected. Further, many are still sharing information outside of the company’s firewall on unencrypted email, which can further expose the information to a range of cyberattacks. This doesn’t even address messages and emails with sensitive company information, which are also a risk unless transmitted and stored in a secure platform.

Corporate executives and board members should be relieved, as their level of corporate data is highly sought after by malicious hackers. This ruling ensures that executives in the EU a greater level of comfort in their dealings with US vendors, and likewise to US companies with EU customers.

Knowing that data transactions are at least less subject to the oversight of the US government, this decision should further strengthen EU and US collaboration in business.