St Patrick’s Day seemed like an appropriate day for me to find out if there have been any further developments on the US government’s attempts to get Microsoft to hand over data from its Dublin datacentre.
Aside from the “friend of the court” / “amici curiae” briefs in support of Microsoft I reported on in January, there appear to be no further developments. No news is not necessarily good news when it comes to court cases – it could mean that the issues have become a lot more complicated but it’s more likely to mean the court process hasn’t finished yet.
In the meantime, in an interesting twist, Microsoft announced that it had achieved accreditation for Azure, Office 365 and other services under the new ISO 27018 code of practice for the “protection of personally identifiable information (PII) in public clouds acting as PII processors”.
Of course, it is important to remember that UK data protection law makes allowances for disclosures required by court order so this accreditation certainly wouldn’t prevent a UK judge ordering disclosure, let alone a NY judge. The key from the UK / EU perspective is whether this exemption extends to disclosure ordered by a NY court…
Thanks Frank, I am passing this update o nthe the team at http://www.backbone.uk.com as we were speaking with a client about this just 40 minutes ago!
LikeLiked by 1 person
You’re welcome Alex. I will, of course, post again when there are substantive developments 🙂
LikeLike
[…] But Amazon’s WorkMail and WorkDocs suites change that. Amazon have ISO certifications already and they want to be seen as being active in this space in helping to protect data so, presumably next stop is ISO27018? Microsoft has it already. […]
LikeLike
[…] quiet for several months, the US Gov & Microsoft is set to return to court. The US government had obtained a court ruling under the US Stored Communications Act to allow it to gain access to dat…. Microsoft had resisted on the basis that Irish law should apply to data held in Ireland and that […]
LikeLike