Filter by/
Region/  All
Type/  All
Sorted By/  Most Recent

Data security v technology: is another legal bombshell about to hit marketers?

By / / In Best practice /
It’s a quandary currently causing anguish for American law-makers: Should the US government (aiming to track and rout terrorists and fraudsters) have the power to search email data that’s stored on a server in another country? Or would this open the floodgates for international ‘snooping’ and thus be a potential violation of personal data privacy? How seriously would global business be affected if data no longer feels secure and protected across borders? Robert Howells investigates the facts, weighs up the pros and cons and worries about the future . . .
data security v technology

While European regulators have at last replaced pre-internet age laws with GDPR, the United States Supreme Court is trying to adjudicate on a case between Microsoft and the Trump administration controlled by legislation that dates back to 1986.

‘United States vs. Microsoft’ was heard by the Supreme Court on February 27. A ruling is expected in June. Although its impact may not be of such immediate consequence to marketers as GDPR, the longer-term ramifications for all international data transfers, and the technology business as a whole, may be even greater. The case is ground zero for cultural, business and legal tensions between the technology industry and the US government, privacy groups and security agencies, and between the United States and the rest of the world. It also highlights the lag between legislation and real-world technology.

According to the New York Times, the German government has already indicated that it will not use any American company for its data services if Microsoft loses. Google, Yahoo and other technology companies have therefore all publicly sided with Microsoft. It is worth noting that with very few exceptions, the Trump administration has a fraught relationship with Silicon Valley.

So what’s the fuss about?

Back in 2013, the government got a warrant that ordered Microsoft to hand over emails connected with narcotics trafficking. Microsoft has said that it is unable to do this because the emails are stored on a cloud server based in Dublin. They have argued that under the Stored Communications Act of 1986, overseas data was outside the reach of the US government. Although lower courts have decided for and against this view since 2013, the one that counts is a Federal Court of Appeals ruling in 2016, that sided with Microsoft. The Department of Justice has now appealed again to the Supreme Court.

The real concern of the technology companies, of course, is that governments, consumers and businesses around the world will lose faith in the ability of US-owned companies to protect data even when ‘stored’ in local servers. This concern has already had consequences – it led to the demise of the long-standing Safe Harbor Agreement when a European consumer complained of its inadequacy all the way up to the European Court of Human Rights.

In an interesting side twist…

Chief Justice Roberts wondered whether Microsoft “might gain customers if you can assure them, no matter what happens, the government can’t get access to their emails”. In other words, would Microsoft transfer ALL email storage outside US borders? Microsoft’s lawyer said that would never happen, and the company usually stores data close to a customer’s own location.

The government’s argument is twofold:

  1. Firstly, it needs access to emails (always subject to a judicial warrant) for security and law enforcement reasons.
  2. Secondly, Microsoft can, in fact, store data anywhere it wants very easily. So data is not ‘stuck’ in Dublin on a 1970s-era mainframe.

Data security v technology: a potential solution

One way out of this is to base new legislation on the citizenship and location of the data subject rather than the physical (or virtual) location of the data. This, after all, is the guiding principle of GDPR. And just such legislation – the International Communications Privacy Act – was introduced last year in Congress. But it is still a long way off becoming law and the Microsoft case will not wait.

Justice Alito summed up: “It would be good if Congress enacted legislation that modernised this (the 1986 Act)….but in the interim something has to be done.”

Have an opinion on this article? Please join in the discussion: the GMA is a community of data driven marketers and YOUR opinion counts.

Data privacy and changes in the law will be under discussion – among other issues – at our MINT Data Driven Marketing Summit on Wednesday April 18 in central London. GMA readers can get £100 off the ticket price. Book NOW to hear top-level speakers share their knowledge about GDPR, innovation and the new data economy.

Robert Howells
Author: Robert Howells
Global Leader of Omnichannel and Data Driven Marketing at Howells Marketing Consultants LLC |

Formerly head of key accounts and group managing director, international, at Harte Hanks, Robert Howells served as chairman of the Global Advisory Board at the US DMA. He now helps companies drive revenue and make the right strategic and planning decisions, founded on his decades of experience – supporting marketing services companies, data providers, B2B marketers and other organisations in planning, executing and achieving revenue growth – around the globe. Howells Marketing Consultants: contact Robert Howells here –

Leave your thoughts

Related reading

  • Keep up to date with global best practice in data driven marketing