St Patrick’s Day seemed like an appropriate day for me to find out if there have been any further developments on the US government’s attempts to get Microsoft to hand over data from its Dublin datacentre.
Aside from the “friend of the court” / “amici curiae” briefs in support of Microsoft I reported on in January, there appear to be no further developments. No news is not necessarily good news when it comes to court cases – it could mean that the issues have become a lot more complicated but it’s more likely to mean the court process hasn’t finished yet.
In the meantime, in an interesting twist, Microsoft announced that it had achieved accreditation for Azure, Office 365 and other services under the new ISO 27018 code of practice for the “protection of personally identifiable information (PII) in public clouds acting as PII processors”.
Of course, it is important to remember that UK data protection law makes allowances for disclosures required by court order so this accreditation certainly wouldn’t prevent a UK judge ordering disclosure, let alone a NY judge. The key from the UK / EU perspective is whether this exemption extends to disclosure ordered by a NY court…