Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in International/EU Privacy

Hogan Lovells White Paper on Governmental Access to Data in the Cloud Debunks Faulty Assumption That US Access is Unique

Hogan Lovells has published a White Paper with the results of a study about governmental access to data in the cloud. The paper was written by Christopher Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Paris Office partner Winston Maxwell.  It was released today at a program presented by the Openforum Academy in Brussels at which both Wolf and Maxwell spoke.

The paper examines governmental authority to access data in the Cloud in the following countries: Australia, Canada, Denmark, France, Germany, Ireland, Japan, Spain, United Kingdom, and the United States.  Experienced counsel in each of those jurisdictions provided input on the scope and effect of their respective national laws.

The White Paper debunks the frequently-expressed assumption that the United States is alone in permitting governmental access to data for law enforcement or national security reasons.  It examines the laws of the ten countries, including the United States, with respect to governmental authorities’ ability to access data stored in or transmitted through the Cloud, and documents the similarities and differences among the various legal regimes. The findings are set forth in the text of the White Paper and in a chart contained in the document. (The chart is reproduced below).

The White Paper reveals that every jurisdiction examined vests authority in the government to require a Cloud service provider to disclose customer data. It explains why the access provisions of the USA Patriot Act are narrower than commonly thought.  

The White Paper also reveals that, unlike in the United States where the law specifically protects cloud data from access by the government without legal process, data stored in the Cloud may be disclosed to governmental authorities voluntarily in some jurisdictions, without legal process and protections.  

The White Paper concludes that businesses are misleading themselves and their customers if they believe that restricting Cloud service providers to one jurisdiction better insulates data from governmental access. It is incorrect to assume that the United States government’s access to data in the Cloud is greater than that of other advanced economies.

A summary chart of the White Paper’s findings follows: