Territoriality will continue to be one of the most vexing problems for data regulation in 2018. One aspect of this debate relates to whether a U.S. judge can compel the disclosure of personal data located in Europe without using international treaty mechanisms. This issue is currently being considered by the United States Supreme Court in the case United States v. Microsoft. The case involves the question of whether a U.S. statute relating to search warrants can be interpreted as extending to a search for data located outside the United States; in this case, the data is located in Ireland. The U.S. Court of Appeals found that, in the absence of express wording in the statute relating to extraterritorial application, the statute should be interpreted as being limited to searches conducted within the territory of the United States. The Supreme Court is currently reviewing the case. In December, 2017, the European Commission filed an amicus brief urging the Supreme Court to give due consideration to the principles of international comity and territoriality when interpreting the U.S. statute.
Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas. Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies hold about citizens of the world. And regulators in the EU and other jurisdictions may view a reversal of the Second Circuit decision as a negative factor when considering the protections the U.S. government afford their citizens’ data. The case was previously decided twice in Microsoft’s favor in the Second Circuit, which declined to grant en banc review by a 4-4 decision.