A tweeted conversation between Tom Watson MP and Chris Gerhard, in the afterglow, of the Guardian’s running a story that the FBI are looking for warrant-less and secret intrusion into an email provider’s customers.
@tom_watson would that not be illegal in the eu for them to hand your data over to the FBI?
— Chris Gerhard (@chrisgerhard) June 1, 2013
US companies have to obey the law as it stands in the US and the EU.
US Law states that the Department of Homeland Security can obtain electronic data from US owned computers anywhere in the world, without a warrant if the data subject is a foreigner. EU Law states that EU citizens have a right of privacy including their correspondence and that owners and controllers of computers located in Europe must conform to privacy and data protection laws. US companies can’t do both. Guess which they choose or are encouraged to obey first.
This makes Google and Microsoft both problematic consumer mail providers for those who take their right to privacy seriously. It also sets a problem for US Companies that want to work in Europe.
Interestingly, I have at least one colleague who says he now uses Facebook for stuff he wants to keep private but it is US based and I believe at the moment that all it’s computers are based in the US, so while it may have a decent if volatile privacy model, the US Government can read what it wants.
Other interesting diversions, Google are turning xmpp off, this means that OTR will become unavailable to chat users, as will third party clients and I wonder if US companies are more restricted in reading their employees mail in Europe than their government.