A US attempt to force Microsoft to hand over emails held on servers in Ireland has drawn a strong rebuke from Brussels in one of the first tests of cross-border privacy raised by cloud computing.

The US demand could contravene international law and should have been handled through the official channels normally used for law enforcement between different regions, according to Viviane Reding, vice-president of the European Commission.

The case comes as US technology is already caught up in a transatlantic privacy dispute over revelations about widespread US internet surveillance.

The demand for information held in a different location from the people it relates to could “hurt the competitiveness of US cloud providers in general”, Microsoft warned in a lawsuit challenging the order this year.

The software company added: “Microsoft and US technology companies have faced growing mistrust and concern about their ability to protect the privacy of personal information located outside the US.”

A magistrate in New York issued a search warrant late last year requiring Microsoft to give emails belonging to a user of its Outlook email service to US law enforcement agencies. The nature of the case and identity of the suspect were not disclosed.

Microsoft’s argument that the US enforcement order amounted to an illegal attempt to enforce a warrant beyond US borders has now won support in Europe, with Ms Reding weighing in on Microsoft’s side.

“The commission’s concern is that the extraterritorial application of foreign laws [and orders to companies based thereon] may be in breach of international law,” she wrote last week in a letter to Sophie in’t Veld, a Dutch member of the European Parliament.

She added that the US “may impede the attainment of the protection of individuals guaranteed in the [European] Union”.

Rather than trying to force Microsoft to surrender information, she said that the US should have relied on the mutual legal assistance treaties that create a framework for co-operation between law enforcement agencies.

Ms Reding’s rebuke came in the same week that the US Supreme Court put new limits on the power of law enforcement agencies to search suspects’ mobile devices. The judges ruled unanimously that searches could not be carried out without a warrant.

The mobile phone case marked a historic moment in which the court had recognised the need for greater privacy protection as technology advances, Brad Smith, Microsoft’s general counsel, wrote in a blog post on Saturday welcoming the decision. It also marked the first time the Supreme Court has considered privacy issues raised by cloud computing, he said.

Get alerts on US intelligence when a new story is published

Copyright The Financial Times Limited 2019. All rights reserved.
Reuse this content (opens in new window)

Follow the topics in this article