May 31, 2017

Outdated Privacy Laws Can Jeopardize Your Business

Today, nearly every technology company has some involvement in the “cloud,” but an international patchwork of outdated and conflicting privacy laws on how law enforcement can access our online data threatens the entire industry. In the U.S. Senate, Senators such as Utah’s Senator Hatch have led the pressure on Congress to establish clarity for U.S. companies doing business overseas, protect our individual privacy rights, and help law enforcement do its job more effectively.

Cloud computing technology allows even the smallest, most remote companies to serve clients around the globe, and the cloud works most efficiently when it allows them to store their data where it makes the most technical, rather than the most geographical, sense. However, the future of cloud computing opportunities remains murky unless we update the legal framework governing how law enforcement can access data stored overseas.

Implemented in 1986, years before the cloud was even invented, the Electronic Communications Privacy Act (ECPA) is outdated, ambiguous, and proving harmful to the success of our business, the trust of our customers, and the ability of law enforcement to do their jobs effectively. Because of the ambiguities codified within this privacy law, companies providing cloud services are caught precariously between international legal jurisdictions. For example, when faced with a U.S. law enforcement request to gather data stored in a cloud server in Italy, American companies are forced to choose between abiding by US or Italy data access laws.

This ambiguity is having an unintentional chilling effect on our ability to do business around the world. Without clarity on where and how U.S. warrants may be used to access cloud data, companies can be hesitant to store data overseas. Meanwhile foreign companies are increasingly hesitant to house data in the United States, because they are concerned about the privacy of their data.

The result has been a series of time consuming lawsuits in the U.S. Court of Appeals with differing outcomes, while uncertainty for companies and citizens builds, and law enforcement’s access to data is not clarified. Congress needs to act.

Senator Hatch helped jumpstart Congress’s interest in privacy law last year when he introduced the International Communications Privacy Act (ICPA). Though it did not pass, this legislation would have helped to clarify the responsibilities of businesses storing data overseas, ensure law enforcement has the tools it needs to access information abroad, and restore the trust of foreign companies storing data in the United States. This week, legislators on the Senate Judiciary Committee have an opportunity to revisit this vital issue.

It’s imperative that Congress quickly address the ambiguity within our current law. As every company becomes a software company, we need legislation that supports our companies’ ability to store data overseas, protects our individual privacy rights, and helps U.S. law enforcement do its important job. The success of cloud-driven companies depends on it.

Get involved: Contact your Senator and express your support of updated privacy laws.

Note: a more Utah-centric version of this appeared in Utah’s Deseret News newspaper on 23 May 2017. That Op Ed piece was also quoted by Senator Hatch in the Senate the same week. Image by Martin Falbisoner (Own work) [CC BY-SA 3.0 (], via Wikimedia Commons.