Below is what we said were among critical policy issues in cloud computing:
The storage of data in multiple, usually foreign, jurisdictions raises a different set of regulatory issues including data protection and police investigatory powers. The jurisdictional issues are anchored on the location of the firm and the location of the data. In the former instance, wherever the data may be located, the firm may be ordered to ensure that data are subject to the laws applicable to the jurisdiction within which the firm is located. As a corollary, the firm may be required to ensure that the data are located ins jurisdictions where the laws are consistent with those of its home jurisdiction. This was not too difficult a problem in the past because the firms that stored or processed data in foreign locations were large entities with capability to enforce the applicable rules through contracts and otherwise. In the context of cloud computing, the smaller firms that will begin to store and process data in foreign jurisdictions are unlikely to have those capabilities. In fact, they may not even know where the data is stored, since multiple servers and dynamic resource allocation to tasks is the norm in cloud computing.
This was a contribution to UNCTAD’s 2013 Information Economy Report.
It appears that a second court in the US has asserted jurisdiction over data stored outside the US.
Judge Loretta A. Preska of the United States District Court for the Southern District of New York on Thursday upheld a magistrate judge’s ruling that Microsoft must turn over the customer’s emails, held in a Microsoft data center in Ireland. Big technology companies have rallied around Microsoft in the case, seeing the ruling as a potential threat to their plans to offer cloud computing services overseas.
Microsoft plans to appeal the ruling. Judge Preska agreed to stay her order while the company pursues the appeal.