After four years of legal battles running through all US instances, Microsoft‘s email-in-Ireland case is now moot – but the topic is not necessarily off the table yet.
At the Supreme Court this week, Microsoft issued a motion to support a petition by the US government to dismiss the case as being of purely academic interest. That’s regarding the case so far, mind you, which was concerned with whether US criminal investigation agencies could use an electronic search warrant to also have access to the emails of customers stored not in the USA, but rather in Microsoft’s cloud data center in Ireland.
Microsoft had previously always spurned such requests and cited for instance the fact that emails are subject to confidentiality, just like letters sent by post, and that US authorities had to consider the full legal protection offered by the fourth amendment to the constitution when asking for them to be handed over. Data stored in Ireland, furthermore, falls under Irish data protection regulations and those of the European Union, so General Counsel Brad Smith continued.
In the meanwhile, US President Donald Trump has added his signature to the CLOUD Act (“Clarifying Lawful Overseas Use of Data Act), which obliges US providers to hand data over no matter where it has been stored. This has now rendered the central issue in the Redmond Ireland case – whether or not US laws can also be applied outside of the country – totally moot.
Microsoft has irked the US Department of Justice, however, by “refusing to acknowledge” that the CLOUD Act can also be applied to the existing warrant in this case. So the DoJ has now issued a new warrant expressly referring to the new law. Which Microsoft only deems to have clarified that the old warrant has now for once and for all shown to merely be a waste of paper.
Regarding the new warrant, Redmond has refrained from making any further statements, as though it were simply evaluating it in the same way as it evaluates all warrants issued by law-enforcement entities.
As far as Retarus is concerned, we can provide you with sound assurances that we run our own audit-ready data centers in Europe, APAC and the USA. And that we offer our customers the option of contractually stipulating in which location their data is to be processed.