The Internet and data represent a whole new paradigm for looking at jurisdiction in the Information Age of politics and law. When sovereignty and information collide, often consumers get caught in the middle—this is the case still with a tug-of-war between the USA PATRIOT Act and the European Data Protection Directive. As more and more corporations look to the cloud to solve big data problems, connectivity and latency issues, and try to overall better the experience of their customers it means that sometimes some data will be store offshore.

During the June launch of Office 365 in London, Microsoft blatantly admitted that if the United Statesrequested data stored in European servers (even pertaining to European citizens) under the Patriot Act they would be forced to comply. As a U.S.-based company, Microsoft felt beholden by the law to give up any information that they had access to untoU.S. authorities under the law.

“Any company with a presence in theUSis legally required to respond to a valid demand from theUSgovernment for information if the company retains custody or control over the data,” said Microsoft. “This is the case regardless of where the data is stored or the existence of any conflicting obligations under the laws where the data is located. Microsoft will only respond to government requests for enterprise customer data when legally required, and understanding general customer concerns in this area, we will use commercially reasonable efforts to notify those customers in advance, unless we are legally prohibited from doing so.”

Of course, the Patriot Act includes the capability to gag-order corporations when warrants for data have been served meaning that if Microsoft were lawfully ordered to turn over data held on European servers by European citizens they would be legally prohibited from notifying those customers. All this even though the European Data Protection Directive requires companies to inform users when they disclose private information to outside sources.

This fact, combined with a multitude of others, does not sit well with European IT departments and throws a giant bucket of cold water on interest in U.S.-based cloud services.

When the cloud spans countries; the law spans the cloud

The Financial Times has written up a long-and-windy examination of how the Patriot Act and the Data Protection Directive interact (available via Google without need for paywall)—which in the end comes out to: extremely poorly.

While the workaday consumer who would be interested in Microsoft’s Office 365 product is likely not that concerned, anyone who works for banks, European government, or even defense would be essentially releasing sensitive information directly into the hands of a foreign power. Although, this sort of concern seems a little bit naïve: banks, defense, and etc. should have their own in-state or networked security solutions that make this moot. Although Microsoft might be forced to comply with handing over information, a bank storing information on their servers should be keeping their data under heavy lock-and-key (i.e. encryption and other security measures.)

But the point should be taken: why allow a foreign power a sneak-peek at even my locks when the law should bar them from looking without letting me know.

The prognosis: regional cloud-based solutions that don’t leave country borders for sensitive applications.

We may soon be entering into the era of information treaties that involve the Internet and the cloud, especially with industries such as healthcare cautiously moving into the cloud in order to better develop solutions for dealing with health, lifestyle, and treatment. Healthcare providers already have their hands full with privacy-protection laws that directly conflict with a lot of cloud-based solutions currently (especially if information can just be released without say-so.) However, these technologies save a lot of money and if properly leveraged could lead to innovations in getting the information where it needs to go when it needs to be there. Cloud adoption is slow currently but ramping up as Cisco and VMware fold in their interest in the industry.