14 DAY TRIAL // Microsoft admitted that itself and other American companies can be forced to hand over data belonging to foreign citizens hosted in datacenters around the world to the US government.
Although this has been suspected for a while, none of the big cloud services providers have ever publicly acknowledged it.
However, when questioned about this at the Office 365 launch, Gordon Frazer, Microsoft UK's managing director, admitted that regardless of where the data is stored in the world, the company can be forced to share it with US law enforcement agencies.
This is made possible by the USA PATRIOT Act, and not only can companies be forced to hand over data protected in other countries, but they can be asked to keep quiet about it.
According to ZDNet, Frazer was asked if "Microsoft [can] guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances — even under a request by the Patriot Act."
"Microsoft cannot provide those guarantees. Neither can any other company," the Microsoft official said, adding that "customers would be informed wherever possible."
This puts European companies that already adopted a cloud-based solution from an US provider in a tough spot, because according to EU legislation they must protect certain type of data, especially the personal details of EU citizens.
And it's not only companies headquartered or incorporated in US that are bound by the Patriot Act. It's also their non-US subsidiaries, even if they have separate administrations.
The cloud-provider themselves are also in a difficult position, because they have to comply with both the USA Patriot Act which forces them to share the data, and the laws of other countries where they operate, which might prevent them from doing so.