US FISAAA Law and your data
These has been some concern over the revelation that a section in the US Foreign Intelligence Amendments Act (FISAAA) which allegedly allows US authorities to access data of non-US citizens on any cloud services run by US companies.
How this will interact with EU law, and particularly the Safe Harbour Agreement, is something that was not commented on by the European Commission, however an official has revealed that the EU is actively looking into the amendment.
This is a legal battle that will likely take time to be fully resolved, as the EU and US lock horns over privacy and security. It is clear that some cloud services are keen to create datacentres located outside of the US, to reassure customers by circumventing this issue.
Whilst US snooping over data is concerning to some users with confidential information, the reality is that the US is extremely unlikely to want to access the information of an average company, especially if they have little or no business in the US.
Nevertheless, this is an issue that can scare potential customers away from moving their data to the cloud, and there needs to be greater clarity from the US government about data protection, as such a significant proportion of cloud services are based in the US. Conversely there is also an opportunity for cloud service providers to market their services as being based exclusively in Europe or elsewhere, at least until the legal discussions can be clarified.
It is my understanding that this recent amendment now encompasses all US corporations regardless of the geographical location of the data/data centre ie Google and Microsoft as US Corporations are now legally required to provide the data on none US Citizens even if this data is stored in Europe. Therefore providing the services exclusively within Europe provides no additional data protection or privacy.