
Microsoft: US should follow EU data privacy laws for European citizens

People’s legal rights need to move with their data, according to Microsoft president and chief legal officer Brad Smith, who says the industry urgently needs a new agreement to replace Safe Harbor.

Safe Harbor, an agreement among 4,000 U.S. companies that transfers data of Europeans to the U.S., was struck down by the Court of Justice of the European Union (CJEU) on October 6, leaving tech giants scrambling for an alternative.

If no new long-term arrangement is made, we will “return to the digital dark ages,” where data is required to stay within each country’s borders, said Smith in a blog post. A new agreement needs to work for major tech companies and small businesses alike, he added.

In any other case, this agreement would be easy to come to, but given the nature of data and how much it travels from country to country, things become more difficult.

“This agreement needs to protect people’s privacy rights pursuant to their own laws, while ensuring that law enforcement can keep the public safe through new international processes to obtain prompt and appropriate access to personal information pursuant to proper legal standards,” he said.

Microsoft itself is currently entangled in a legal battle with the U.S. over access to its servers in Ireland as part of a U.S. investigation.

Smith proposes a new agreement that essentially involves the U.S. applying E.U. law directly to E.U. citizens’ data. In other words, regardless of where your data travels, it will be protected by your country’s laws.

This would amount to a new trans-Atlantic deal whereby governments open a dialog with one another, and a government that wants to access the data of another country’s citizen makes its search warrant request to that citizen’s own government.

“The [CJEU] court required that EU nationals receive for data moved to the United States legal protection that is ‘essentially equivalent’ to their legal protection at home,” said Smith. “This would ensure precisely that, because their own governments would continue to apply their own law.”

This would also apply in reverse. If a European authority is investigating an American citizen, it would need to obey U.S. privacy laws during the investigation, and appeal to the U.S. directly when seeking access to data. In a scenario where an EU citizen physically moves to the U.S. (or vice versa again), the government would only need to consult its own court.

Currently, there is a January deadline in place to come to a new deal over how data must be protected.

“This is the privacy version of a Rubik’s Cube,” said Smith, given all the pieces that need to come together to work for everyone.

Jonathan Keane
Former Digital Trends Contributor