Your data in the Cloud is not secure from the US Government

Data storage in the cloud is clearly the where things are moving just now. Given the plethora of devices people have — computers at home, laptops and tablets on the move, smartphones in the pocket, it makes perfect sense for all of a person’s devices to use a single, common repository for shared information. Services such as Apple’s forthcoming iCloud at the domestic level, and commonly–used services such as Google’s Google Apps, and Microsoft’s Office 365 all store your data in their own clouds.

You’d think that this would be done with respect to Data Protection laws. Wrong. If the USA wants your data, the USA gets it. My friends Simon Bisson and Mary Branscombe have the details: regardless of European privacy directives and the UK Data protection act, the US see the PATRIOT act overriding these for US companies and EU subsidiaries of US companies:

That means that US government can (under the auspices of the act) request the data of any individual or company that’s using US-owned or hosted services, no matter where that data is actually being held. It doesn’t matter if you’ve geo-locked your data, and it only resides in European data centres, it can still be requisitioned and taken to the US. Yes, it’s an issue of national security, but when results can be found by machine learning and trawling massive data sets (the larger the better), there’s a temptation for governments to take all they can and more.

Undoubtedly this will lead to much hand–wringing in the EU Parliament. However, what can be done? It is unlikely that the USA will give up their powers.

Therefore, the only solution is in the hands of individuals and companies wishing to use cloud services — only use cloud services from wholly–EU–owned companies hosting your data inside the EU. While the legal protections you will have in those circumstances are not huge, they are better than none at all.

Oh — an afterthought. How happy do you now feel, if perhaps you have just given a whole heap of your personal information to Google, during the Google Plus sign–up process?