When it comes to deciding whether to hear an appeal by the U.S. government in the so-called “New York Warrant Case”, issues of privacy and data protection will be central to the decision of the U.S. Supreme Court expected this October. This particular case, also referred to as the “Irish case”, positions the U.S. government against Microsoft, in relation to a warrant issued during an investigation demanding cross-border access to data.
The case dates back to 2013, when the U.S. Department of Justice issued a warrant to Microsoft to turn over data stored in its Irish data center. Microsoft refused to turn over the data not located on U.S. national territory. Microsoft prevailed before the United States Court of Appeal in January 2017, overturning lower courts which had ruled in favor of the U.S. government.
A technical but fundamental issue
The international transfer of data for criminal proceedings is a very technical topic, but it tees up some very important questions. Privacy and data protection in the context of international data transfers have increasingly captured the attention of the public, especially given the increasing prevalence of technology such as smartphones.
Because large U.S. technology companies operating from the West Coast supply the vast majority of cloud computing services used across the planet, such providers are operating in an international market that transgresses borders. National protection regimes are therefore no longer capable of protecting users’ rights.
Legislative process in the EU and the U.S.
In the EU, the European Commission, under a mandate from the Council of the EU, is focusing on improving the transfer of electronic evidence across borders, according to the 2015 European Agenda on Security. The Istituto Affari Internazionali (IAI) has conducted research and contributed to EU-wide discussions around these issues.
In June 2017, the European Commission released a “non-paper” recording findings from consultations with experts in the field. The issues continue to evolve as implementation of the 2014 European Investigation Order (EIO) Directive proceeds. This seeks to improve the transfer of evidence for criminal proceedings across borders. Last June, following a meeting of the EU Council of Ministers on Justice and Home Affairs, European Commissioner Vera Jourova announced that a revised proposal on the e-evidence regime would be presented at the beginning of 2018.
Reforms are also being considered in the U.S., where new legislation – the so-called International Communication Privacy Act (ICPA) – has been introduced before the U.S. Congress. This aims to improve the procedures and safeguards for cross-border data transfers. Such a reform would benefit both users and providers, as well as countries which need a more reliable means to gain lawful access to e-evidence than the current framework, which relies on obsolete international treaties; so-called “MLATs”.
Harmonization and reciprocity: vital principles
U.S. politics will certainly play a decisive role in what is ultimately a transatlantic issue. Harmonizing rules for access to data is necessary, if not essential, for ensuring adequate protection as well as reciprocity; a fundamental condition for the proper functioning of transatlantic markets. When proceedings in the case against Microsoft began, questions of cross-border data were not really an issue in Europe. However, in recent years, concerns around privacy and data protection have become increasingly relevant, as the Snowden revelations and Wikileaks case demonstrate.
Should rigid and nationalist approaches prevail in the Ireland case, the same pattern could recur in other countries hosting data centers. This would then become not only a transatlantic issue, but also an EU one.
If, in October, the U.S. Supreme Court decides to hear the case, the Court would accept amicus briefs from nonparties. EU Member States would then have an opportunity to express their concerns and interests on the case to the Court. This procedure may seem unusual from a European legal perspective, but it is an important opportunity to influence the decision of the Court in a constructive way, whether for the benefit of Italy or other European countries.
The current Trump Administration leaves the future strategic direction of the U.S. uncertain. Cross-border access to e-evidence for criminal justice is an issue that is both highly technical and political. Now is the time to engage in a dialogue with the U.S. on an issue that is fundamental for transatlantic relations. Cross-border access to data is an issue worthy of the time required to evaluate and discuss both the technical and political considerations.
This guest blog was translated from an article that first appeared on Affarinternazionali in Italian. It follows a pan-European study “EUnited Against Crime: Improving Criminal Justice in European Union Cyberspace” by IAI that has been conducted with the support of Microsoft. The analysis and opinions expressed herein are solely those of the authors.