Rushed US Cloud Act triggers EU backlash
The European Commission says the rushed nature of a controversial US law granting police access to personal data, known as the Cloud Act, may complicate EU efforts on a similar proposal.
The US law was passed last week without any congressional debate after being slipped into a $1.3tn (€1.04tn) spending bill.
Join EUobserver today
Get the EU news that really matters
Instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
The move has sparked widespread criticism from civil right defenders, who say it risks undermining freedoms by circumventing national privacy laws in Europe and elsewhere.
But the commission on Monday (26 March) appeared more reserved in its criticism.
EU justice commissioner Vera Jourova is hoping to secure compatible rules with the US when it comes to obtaining evidence stored on servers located in other countries.
"Unfortunately, the US Congress has adopted the US Cloud Act in a fast-track procedure, which narrows the room for the potential compatible solution between the EU and the US," she said in a statement.
Jourova had met with US attorney general Jeff Sessions in Washington DC last week where the two discussed the act as part of a broader effort to force firms to release people's private data directly to prosecutors in case of serious crimes.
Global warrants
The commissioner is set to release an electronic evidence proposal sometime next month, which she says is needed to crack down on cross-border crime.
Like the Cloud Act, the electronic evidence bill aims to allow police access to data stored by companies. And like the Cloud Act, its scope will likely go global, posing broader questions on the extraterritoriality of warrants.
Authorities say the legal framework is needed to speed up access given that the current method of using so-called mutual legal assistance treaties or MLATs is too cumbersome.
The Cloud Act also empowers the US president to force US services providers to deliver content data to a foreign government without the need of any mutual legal assistance regimes.
The issue is at the heart of an on-going legal tug of war between US prosecutors, Microsoft and Ireland. Microsoft has so far refused to relinquish the content of emails to the US, which wants them as part of a criminal investigation in New York.
The emails are held by Microsoft servers hosted in Ireland. Microsoft says it cannot so easily surrender the emails given robust EU privacy rules, noting that other avenues like MLATs exist to extract the data. Companies worry that direct access may also erode consumer confidence.
But the EU is pressing for similar powers in its forthcoming proposal despite wider reforms launched by the Council of Europe, a human rights watchdog, to streamline MLATs.
Who's in charge?
The push appears to be driven by the internal affairs department or DG Home at the European Commission. Even though the electronic evidence proposal is spearheaded by the justice department, DG Home has taken the lead, according to one observer.
"This initiative [e-evidence], even though on paper is being led by DG Justice, in practice it is being led by DG Home and I think that is maybe why you see this flexibility in law enforcement," said Maryant Fernandez-Perez, a senior policy advisor at the European Digital Rights Initiative (EDRi), a Brussels-based NGO.
She noted that the EU's upcoming data protection regulation also contains an article that prevents companies from sharing data with foreign governments unless they've secured an international agreement or a mutual legal assistance treaty.