The Patriot Act has had far-reaching implications for United States citizens, but now it threatens to reach into other countries who also do business with the U.S., Microsoft warned the E.U. recently. With the expansion of the cloud and the possibility that U.S.-based countries might have information of customers stored in other countries means that increasingly data owned and held by those customers may fall under the legal jurisdiction of the countries it’s stored in.

The big and most innovative element of cloud-storage happens to be that data can be kept anywhere, but infrastructure-wise it still ends up being geographically located and that, according to Microsoft, means that in some limited cases means that E.U. citizen data could be available to the U.S. under the provisions of the Patriot Act.

An article written for PC World outlines some of the issues the E.U. has with this possibility, especially how it chafes against the laws of the European Union involving data privacy such as the E.U. Directive on Data Protection.

A legal expert speaking to PC World pointed out that even with Safe Harbor provisions U.S. companies may still be required to hand over E.U. data when the Patriot Act is involved—essentially nullifying the entire purpose of any Safe Harbor—meaning that E.U. customers would be better keeping their data out of U.S. servers.

The advice will come as a blow to the many cloud computing players registered in the U.S. including Microsoft, Facebook and Google. Microsoft’s new cloud service, which is due to be launched next week, will allocate geographic regions where customers’ data will be physically stored. But the computer giant could not guarantee that E.U. users’ information would not be disclosed: “In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft.”

“I hope Commissioner Reding will respond soon, as this is really a key issue. Essentially what is at stake is whether Europe can enforce its own laws in its own territory, or if the laws of a third country prevail,” said In’t Veld. “I hope the Commissioner will ensure that the U.S. and other countries respect E.U. laws in E.U. territory. I don’t think the U.S. would be amused if Europeans (or other non-U.S. authorities) were to get access to databases located within U.S. jurisdiction.”

This sort of concern could severely damage cloud-based initiatives and bridges between the E.U. and the U.S. when it comes to the locations of data centers. Companies that would otherwise happily bring their money and customers onto U.S. soil need to worry about the data privacy of their customers versus the legal ramifications of storing it in country. Privacy in general is already hard enough and adding in the fact that governments prefer sovereignty over their own stuff is only going to be harder.

Essentially, with the USA Patriot Act in play, agreements made with the E.U. to bring their business State-side would violate any deals to keep their data to themselves. If you let the U.S. touch something the Patriot Act gives the U.S. rights to it. The chilling effect on business, especially cloud innovations for the United States could be quite bad. Let alone businesses of other countries, but citizens of other countries don’t want to have to worry themselves about foreign governments having access to their data.

The most spine-chilling problem with the Patriot Act happens to be the veil of secrecy portions that permit the government to silently take data from a vendor on U.S. soil such that the customers won’t be informed. If nothing else, this runs directly afoul of the E.U. data protection legislation that requires that customers be informed if their information had been accessed (legally or illegally.)

A business like Microsoft literally couldn’t do business with the E.U. under these conditions to acknowledge one law would violate the other.

It’s time for the United States to grow up about its policies involving other countries even if legislation such as the Patriot Act looks dimly on the data rights of its own citizens. Multi-jurisdictional data and cloud-based technology will require countries interleaving policies that take into account the nationality of data—and perhaps users of these services may also drive some of these policies by sticking to cloud-companies who protect that trust.