As widely reported yesterday (in Computerworld, CSO Magazine, CIO Magazine, Network World, PC Advisor, Australian Techadvisor, IT World, among others) and as detailed in this article in PC World, Hogan Lovells yesterday released a White Paper at a Brussels conference organized by the Openforum Academy detailing a study about governmental access to data in the cloud. The paper was written by Christopher Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Paris Office partner Winston Maxwell.
This White Paper (available here) debunks the frequently-expressed assumption that the United States is alone in permitting governmental access to data for law enforcement or national security reasons. It examines the laws of ten countries, including the United States, with respect to governmental authorities’ ability to access data stored in or transmitted through the Cloud, and documents the similarities and differences among the various legal regimes. The White Paper reveals that every jurisdiction examined vests authority in the government to require a Cloud service provider to disclose customer data.
The White Paper also reveals that, unlike in the United States where the law specifically protects cloud data from access by the government without legal process, data stored in the Cloud may be disclosed to governmental authorities voluntarily in some jurisdictions, without legal process and protections.
The review reveals that businesses are misleading themselves and their customers if they contend that restricting Cloud service providers to one jurisdiction better insulates data from governmental access. And it is incorrect to assume that the United States government’s access to data in the Cloud is greater than that of other advanced economies.
As part of the study reflected in the White Paper, the authors consulted on local law with lawyers on the ground in each of the countries we examined and with their input, found that it is not possible to isolate data in the Cloud from governmental access by choosing a provider based on its physical location. This is a critical finding that may directly impact businesses’ decisions related to Cloud storage.
The paper examines governmental authority to access data in the Cloud in the following countries: Australia, Canada, Denmark, France, Germany, Ireland, Japan, Spain, United Kingdom, and the United States. It also includes a reference table that illustrates the varying levels of authority across the ten countries.