Microsoft"s UK managing director, Gordon Frazer, admitted that cloud data stored online, even in Europe, is not protected against the "Patriot Act" in the United States of America. As ZDNet reports, Microsoft"s admission of this fact came after Frazer was posed this question:
Can Microsoft guarantee that EU-stored data, held in EU-based datacenters, will not leave the European Economic Area under any circumstances - even under a request by the Patriot Act?
Frazer explained that due to Microsoft being headquartered in the United States, they must comply with United States laws, even when dealing with subsidiary companies. He went on to say that customers would be notified whenever possible, should a request by the Patriot Act need this. It has been suspected, perhaps even feared, for some time but Microsoft"s admission that data can be accessed regardless of whether it is in the United States or not is the first of its kind. Should data be housed, stored, or processed by an American company - or a company owned in its entirety by an American parent company - then it is possible for the Patriot Act to intercept and inspect this information.
In his response to the quoted question, Gordon Frazer said the following:
Microsoft cannot provide those guarantees. Neither can any other company.
Information about what can be done with your data, including when it may be accessed by an outside authority such as the government, is available on Microsoft"s online Trust Center. Posters on Reddit have suggested information that could contradict what Frazer has said, as well as suggesting that the Patriot Act could potentially break European Union laws. Reddit user "canyouhearme" has said the following:
In doing so they would be breaking EU laws.
Explicitly, they have to follow EU laws if they are acting as EU entities and working with EU data. Making reference to US laws gives them no leeway - processing of EU data, in the EU particularly, means they can be arrested for not following EU data protection regulations.