Internet businesses that offer data storage for companies today are referred to as cloud providers, but actually these kinds of businesses have been operating since at least 1964 when the label then was timesharing1. So in 1986 the US Congress established laws dealing with the protection of data stored remotely, under the Stored Communications Act (‘SCA’)2, part of the Electronic Communications Privacy Act (‘ECPA’)3.
Pending in the US Court of Appeals for the Second Circuit is an appeal filed by Microsoft from an order denying its motion to vacate a warrant issued pursuant to the SCA. At the centre of the dispute between Microsoft and the US Government is the court’s interpretation of the ECPA. Cloud data storage facilities, even if owned by a US-based company, may be subject to foreign laws and may store non-US citizens’ information. The US court’s ruling may have far-reaching implications for US-based companies’ international operations and individual privacy expectations around the world.
In September 2014, a bill was introduced into the US Senate – the LEADS Act. In February 2015, a companion bill was introduced into the House of Representatives. The LEADS Act proposes to amend the ECPA. If passed, the bill may not resolve the dispute between Microsoft and the US Government, but it could provide a path forward for similar disputes in the future.