Microsoft has been ordered by a New York judge to hand over customer emails stored in a data centre in Ireland. However, under Irish law, the data cannot be handed over without an Irish court’s approval.
Judge Loretta A Preska from the District Court for the Southern District of New York yesterday upheld a magistrate judge’s ruling that Microsoft must turn over emails that are stored on servers at its Irish data centres.
In May, Microsoft successfully challenged a FBI user information request because the company claimed it violated the user’s right to privacy under the US Constitution.
The case related to a drug trafficking investigation and stemmed from a warrant a judge issued in December.
The case could have ramifications for other cloud computing companies with operations based in Ireland.
Former justice minister Michael McDowell in an affidavit has warned that Ireland is required by law to protect data held in the country from foreign law-enforcement agencies.
He said the disclosure of data will only be lawful if approved by a judge in an Irish court.
In essence, the battle over the storage of data in overseas data centres will soon shift to Irish shores.
International treaties protect data stored in Ireland
Data held on servers in Ireland is protected by Irish and European mutual legal assistance treaties, as well as the 2008 Criminal Justice Act.
In a recent amicus brief in support of Microsoft, the influential Electronic Frontier Foundation (EFF) argued the magistrate’s rationale ignores the fact that copying the emails is a “seizure” that takes place in Ireland.
“The Fourth Amendment protects from unreasonable search and seizure. You can’t ignore the ‘seizure’ part just because the property is digital and not physical,” said EFF staff attorney Hanni Fakhoury.
“Ignoring this basic point has dangerous implications – it could open the door to unfounded law enforcement access to and collection of data stored around the world.”