A Google spokesperson, speaking with German news magazine, WirtschaftsWoche, has admitted the search giant complied with requests from U.S. Intelligence, leveraging the PATRIOT Act. They were seeking information on users with data stored in the E.U., possibly creating a conflict within a strict set of privacy laws.
The U.S. PATRIOT Act, designed for anti-terrorism efforts, but often pushed to its legal limits according to many opponents, requires businesses incorporated stateside turnover data stored by foreign subsidiaries when ordered to. There is little choice in the matter for companies such as Google, Microsoft, or Amazon. As such, all three at the center of an E.U. privacy debate, which takes aim at the PATRIOT Act itself.
Microsoft made headlines in June, when a ZDNet reporter asked if there was a guarantee that E.U.-stored data, held in E.U.-based datacenters, would be protected - even under a request by the Patriot Act.
He was told Gordon Frazer, managing director of Microsoft UK, that while customers would be informed “wherever possible,” Microsoft “cannot provide those guarantees. Neither can any other company.”
Contrary to what the PATRIOT Act requires, E.U. law mandates that companies operating under their purview protect the personal information of its citizens.
There is no clear sign if the European Commission will dig into the issue.
Until they do, U.S. subsidiaries operating overseas are technically bound by two legal masters. Sadly, companies based in the U.S. and operating in the E.U. will be forced into breaking the law, the question is, which law is easier to break?
Zack Whittaker, over at ZDNet as written a critical series of reports on this very issue, all four parts can be viewed here.
Google sent over a comment on this story. They said the original story in WirtschaftsWoche contained an error. We've posted their remarks below:
"As a law abiding company, we comply with valid legal process, and that - as for any US based company - means the data stored outside of the U.S. may be subject to lawful access by the U.S. government. That said, we are committed to protecting user privacy when faced with law enforcement requests. We have a long track record of advocating on behalf of user privacy in the face of such requests and we scrutinize requests carefully to ensure that they adhere to both the letter and the spirit of the law before complying."