The European Union is working on a new law that will allow EU law enforcement to obtain customer’s personal data even when it is stored outside the EU. The draft legislation is supposed to be presented to lawmakers and member states at the end of March. Any (tech) company doing business in the EU will be subject to this law, regardless of the nationality of those whose personal data is being sought.
The planned law seems to run contrary to the EU’s usual position of siding with privacy advocates who try to limit government’s reach into people’s privacy. Enacting a law that gives EU extra-territorial powers can also result in conflict laws in countries that do not allow sharing of personal data overseas. For example, in the United States certain companies are prohibited from disclosing information to foreign governments. Europe itself is very restrictive on how companies can transfer data outside the EU.
The planned law comes at a time when a similar landmark court case nears resolution in the US. It began in 2013 when the US government tried to force Microsoft to hand over emails that were stored on its servers located in Ireland. Microsoft refused and in that it was supported by its fellow tech rivals such as Apple, Amazon, Salesforce and eBay. In 2016 an appeals court ruled that the United States government could not force Microsoft to hand over emails and communications stored in servers outside of the US. But the Trump administration has called for the US Supreme Court to decide the issue. Its decision is expected by the end of June.