On 14 July 2016, the 2nd U.S Circuit Court of Appeals in New York overturned a 2014 ruling which ordered Microsoft to hand over messages of a suspected drug trafficker. At the time, the ruling was crushing for many data intensive organizations who had relied on the protections provided by housing their data abroad. The overturned ruling means that U.S. companies will not be required to give up information which is stored outside of the United States if served a warrant by the U.S. government.
This result is a major victory for privacy which, if the outcome had worked in the U.S. government’s favor, would have had huge implications on the cloud-based world. The uncertainty cultivated fears of a global ‘free-for-all’ and subsequent domino effect, with other American companies suddenly at risk of being at the mercy of the U.S. government and its indiscriminate surveillance of data.
The decision is an important privacy landmark, particularly for SaaS companies such as dotmailer, because it sets a precedent and ensures that the legal protections of the physical world apply within the digital domain. It’s also important to our clients who have entrusted dotmailer with their data – and anyone who uses cloud technology in general – as now they can remain confident that their personal information will be protected by the laws of their own country.
As dotmailer continues to migrate to Microsoft’s Azure cloud-based servers, which are based in Amsterdam, users of the platform can remain confident that their data is protected from any release or indiscriminate surveillance at the hands of the U.S. government – even if a warrant for its release is issued.
Digital privacy has always been a contentious matter and we would never want an external force to compromise the trust our customers put in us to protect their data. dotmailer remains committed to going beyond compliance by continually monitoring compliance with the recently finalized EU / U.S. Privacy Shield and the upcoming EU General Data Protection Regulation (GDPR), as well as other data protection laws, including managing internal data protection activities, training staff, and conducting internal audits.
You can read the full story by visiting the Microsoft blog.