Data Case in U.S. Sparks Concern in Europe

European lawmakers and companies worry that a lawsuit the U.S. government has brought to the Supreme Court could clash with European Union law, trapping tech companies between complying with U.S. data requests and strict EU data-privacy rules.

The case, set to be heard next month, stems from a dispute between the Justice Department and Microsoft Corp. over access to emails stored on a server in Ireland. Industry officials say it highlights the stark differences between the U.S. and Europe over views on online privacy and the extent of government access to users' data.

Continue Reading Below

The U.S. government in 2013 obtained a search warrant requiring Redmond, Wash.-based Microsoft to hand over email information as part of an investigation into a customer who allegedly was using the account to conduct criminal drug activity.

Microsoft complied with part of the order but rebuffed the request to turn over the email messages, which were stored abroad, arguing that U.S. search warrants don't reach data stored outside domestic borders. Microsoft argues that complying with the warrant would have meant the company could have run afoul of EU privacy rules.

At issue in the court case are broader questions about who should govern global internet companies, and how. In particular, cloud computing companies, such as Microsoft or Inc., can move data among different servers around the world.

Microsoft says it stores users' data in the region where a user resides and customers should be in control of their data.

The U.S. argues that its warrant required Microsoft to hand over the information because it can be accessed in the U.S. with the click of a computer mouse, and lack of access to that data could pose significant barriers to ongoing investigations.

"Hundreds if not thousands of investigations of crimes -- ranging from terrorism, to child pornography, to fraud -- are being or will be hampered by the government's inability to obtain electronic evidence," the Justice Department said in a court brief.

A U.S. government win in the case could hand U.S. companies operating in Europe an expensive dilemma: either comply with U.S. data requests or risk breaching EU data privacy rules. European companies with business operations in the U.S. also fear they could receive similar requests from American authorities sent to their headquarters abroad.

"This untenable position would throw a wrench into the countless routine business arrangements that comprise today's highly interdependent commercial world," the largest trade organizations from Germany, Ireland, Poland and France said in a joint filing to the court.

Foreign governments can access evidence in Europe for criminal investigations, but the preferred method under EU law is to go directly through member states, as part of what is known as a Mutual Legal Assistance Treaty. That approach will be enshrined in the bloc's new data protection regulation, to enter into force in May. The new rules threaten fines as high as 4% of a firm's global revenue for failure to comply.

Washington's position seems to fly in the face of EU sovereignty, some European officials and legal experts said.

"This can clearly escalate to being a conflict of law and international relations," said Jan Philipp Albrecht, a Green Party member of the European Parliament and staunch privacy advocate. "The question [is] if the EU can expect that their own laws apply to their own territory and market or is the U.S. trying to put that into question?"

Companies, governments and institutions in Europe and elsewhere have submitted third-party briefs to the court ahead of the hearing, which is set for February 27. A decision is expected by June.

The U.K., one of the U.S.'s closest law-enforcement allies in Europe, has thrown its weight behind Washington's arguments in the case. Britain, which is preparing to exit the EU, is also currently negotiating a bilateral treaty with the U.S. over access for law-enforcement purposes to electronic communications held on servers in each other's jurisdictions.

The case is reminding some Europeans of leaks by one-time National Security Agency contractor Edward Snowden disclosing that U.S. tech companies cooperated with the NSA, allowing authorities to access information through a so-called backdoor. Those revelations sowed deep mistrust in Europe of U.S. intelligence practices, straining trans-Atlantic ties and hindering cooperation between Washington and Brussels in other areas.

U.S. tech companies also came under scrutiny from the broader public following the revelations. That is one reason Microsoft is fighting so hard: to maintain its reputation. Microsoft says it has only provided data to the U.S. government under valid legal orders.

"Pre-Snowden, this would have been done quietly, there would have been an accommodation" between Microsoft and the government, said James A. Lewis, a senior vice president at the Center for Strategic & International Studies, a Washington-based think tank. "Everyone would have gone away happy."

Now, "they need to show the world, their global customer base, that they're not just going to roll over every time the U.S. government asks them for something," he said.

Write to Natalia Drozdiak at

(END) Dow Jones Newswires

January 18, 2018 17:56 ET (22:56 GMT)