Fact is that the United States enacted the USA Patriot Act in October 2001 to fight terrorism and money laundering activities. The statute’s title – USA Patriot Act – stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act. It was intended to clarify, simplify and strengthen investigative powers for US law enforcement officials, because misunderstandings of pre-2001 criminal procedure and privacy laws were partially blamed for the failure of US law enforcement agencies in preventing the September 11, 2001 attacks. When the provisions of the USA Patriot Act expired in June 2015, President Obama extended some of its key provisions for another four years under a new name – the USA Freedom Act.
The press continues to report on discomfort around the world about this law. US businesses suffer and demand change. The following are some facts that demystify the notion that data in the US is endangered by the USA Patriot Act/USA Freedom Act:
- The powers contemplated by the USA Patriot Act/ USA Freedom Act are not relevant for most types of data in cloud computing arrangements.
- The US government is much more likely to obtain the data directly from data controllers (i.e., users of cloud computing services) because the data controller is closer connected to the data subjects, may have additional information and the government would not know initially what cloud services the employer uses.
- If the data controller is not based in the US and does not have a strong nexus to the US, chances are the US government is not interested in the data regardless of whether the data is hosted in the US.
- If the US government is interested, it can usually obtain access to the data through foreign governments through judicial assistance and cooperation treaties, regardless of where the data is hosted. The US has entered into mutual legal assistance treaties with over 50 countries, including Canada, Mexico, Australia, Hong Kong and a majority of the EU Member States, as well as a mutual legal assistance agreement with the EU. The cooperation under mutual legal assistance arrangements can include substantial sharing of electronic information between law enforcement authorities in the two countries.
- Most countries around the world allow law enforcement access to private information under similar conditions as in the United States. And, following the recent Paris attacks, we are currently witnessing strong calls in various EU Member States for laws to allow broader access to private information for law enforcement purposes. Compared with other countries’ laws, the USA Patriot Act/ USA Freedom Act does not stand out that much.
- Data is typically much more at risk of being accessed by governments at the place where the data controller is based.
- The USA Patriot Act/ USA Freedom Act issue is raised to support unrelated agendas, such as protecting local companies or unionized jobs from global competition.
