The Patriot Act: 10 Years of Uncertainty
The unrest has been palpable for over a decade. There has been a running battle ongoing between Europe and the United States since October 25th 2001, date of the USA PATRIOT Act entry into force. This text was to help American authorities with their battle against terrorism. Its real consequences were different: it reinforced national surveillance prerogatives, granting them new access and powers. Section 217 of the text explicitly authorizes access to data belonging to American individuals and companies that are subject to American laws. This is applicable just as long as said data is on any computer that serves as a means of communication, which points out any computer that is both under American law and connected to the Internet.
For thousands of companies that wish to uphold the confidentiality of their data, section 217 is a catastrophe. Although a majority of affected corporations are American, the Patriot Act washes over any company physically installed in the U.S. This also includes any data concerning local or international clients.
International legislation was not spared by the effects of what came as a legal bombshell. EU directive 95/46/CE had been born during difficult times, but it had, since 1995, provided European users with countless means of defending their privacy. This directive had even extended its powers to European data held by group or organization outside of the EU. To conform with these EU standards, American authorities had even set up the International Safe Harbor Privacy Principles, which American companies could comply with if they so chose to. But the Safe Harbor initiative was obliterated with the arrival of the Patriot Act, which left the EU helpless.
Since then, from a legislative point of view, nothing has helped to work out the problem. The EU modified its directive in 2004, stating that information could not be gathered without warning the person concerned by the inquiry. The initiative revealed a pious hope, as in July 2011, Microsoft half-heartedly admitted they could not guarantee any such commitment to their "Office 365" users. Google soon followed, confessing they leaked information to American authorities. The situation is as strained as ever, as Cloud computing is all about the outsourcing of computer infrastructure. In September 2011, Netherlands authorities declared that they automatically excluded any American company from its call for tenders for the creation of its Cloud infrastructure. It is a decision that very much sounds like a confession of helplessness, a cry that reminds us that in ten years, no country was able to legally protect its data, as long as it was under American jurisdiction.