Google showdown with U.S. federal government over storing personal data abroad

Google has been locking horns with the U.S federal government once again over the storage of data abroad.

It’s believed Google lost their third dispute in court over the matter, and lengthy legal battles remain at large.

The disputes arose when Google challenged the validity of a search warrant for looking through company data that was stored abroad. This asks the question about who has jurisdiction for information held overseas, and therefore which laws apply to the stored data.

A huge legal question

Online newspaper Politico reports that the U.S. Supreme Court is preparing its answer to the question: does U.S. law permit authorities to use U.S. courts to obtain electronic records kept outside the country?

Earlier in July, Google refused to allow authorities to look through company information stored abroad, saying the search warrant did not allow U.S. authorities access. Chief Judge Beryl Howell of the U.S. District Court for Columbia reportedly rejected this contention and said she would hold the company in contempt for defying the order and fine them $10,000 for every day it doesn’t allow access.

A lengthy legal battle

The Supreme Court will be reviewing a case last year involving Microsoft and the Justice Department’s request for email records that were stored in Ireland. The 2^nd Circuit U.S. Court of Appeal, panelled by three judges, unanimously agreed that the Stored Communications Act only applies in the U.S. However, prosecutors are concerned that U.S. companies may use this to circumvent U.S. data laws by putting them out of reach of authorities.

But what about personal data? Should authorities be able to reach into other countries and demand personal data in the name of their own data laws?

A question that desperately needs answering

The fluidity of data gives authorities something to scratch their heads over. Although these disputes have primarily arisen in the U.S., these questions and cases are incredibly important here in the U.K. too. We wouldn’t be surprised if similar legal challenges are raised and fought here as well.

Digital files can be sent and accessed within seconds, but should the data be held to the standards of the country it is accessed or stored in, or only by the country it originates from? Data stored electronically can be stored in one place and accessed by many points, and can also be in one place and downloaded by multiple access points. The cloud introduced us to storing and using data no matter where you are, but this has undoubtedly created questions over data protection jurisdiction.

What about the laws here in the U.K.?

In the U.K, national and EU data protection laws address the issue of personal information being transferred outside the European Economic Area:

“Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.”

However, this still raises concerns over whether there needs to be consent or notification for the information to be held outside the country. Data subjects may understandably worry where their personal data is being accessed; for what reason; and whether they have a say in all of this.

Commercial and technological advancements must not leave data protection out in the cold; companies and firms should prioritise data protection even more now that data breaches are so incredibly easy to commit.