BRUSSELS: The European Union is preparing legislation to force companies to turn over to customers' personal data when it is asked for, even if it is stored on servers outside the bloc, a position that will put Europe at loggerheads with tech giants and privacy campaigners.  The EU has the right to access the electronic evidence stored within the 28-nation bloc. But the scope of the planned legislation will extend to the data held by elsewhere, according to the two sources with direct knowledge of the matter.
which mean an individual's data can reside anywhere.
The EU push comes as a landmark legal battle in the United States nears its climax. The US Supreme Court will hear this in the United States in the case of a drug-trafficking investigation.
Many law enforcement officials. such powers are necessary for crime-fighting in the digital age. But campaigners say giving governments so-called extra-regional authority to reach across borders and access data. Technology firms like Microsoft, Apple and IBM say it would undermine consumer trust in cloud services.
The planned law, which would apply to all companies in the European Union, is an apparent shift in position for the European Commission, the EU executive, which has been on the side of privacy advocates in the past.
In 2014, it was said in relation to the Microsoft case that “extraterritorial application of foreign laws … and may be in breach of international law”.
Asked about the extra-territorial authority in the planned law, the European Justice Commissioner Vera Jourova told the Reuters the current method for accessing cross-border evidence was “very slow and non-efficient” criminals.
The proposed law would apply to the personal data of people of all nationalities, not just EU citizens, as long as they were linked to a European investigation, one of the sources said.
The legislation is still in the drafting stage. It can take up to two years for the law to be finally agreed.
Extra-territorial authority rules are however fraught with complexity, legal and privacy experts, they could conflict with existing data protection laws.
In the United States, for example, certain companies are prohibited from disclosing information to foreign governments while in Europe itself, consumers.
The Jourova recognized (19659002) The Jourova recognized by the United States on the issue
The Jourova recognized the challenges.
“Of course when we look at the transatlantic regime there we have to agree on the reciprocity with the American authorities,” she said in an interview. “This issue of reciprocity in the law enforcement area is highly necessary to discuss in order to avoid the problem of conflict of laws.”
Keeping pace with tech
The proposed rules are the latest attempt by the authorities around the world to update regulations to keep pace with technology. In May, the EU General Data Protection Regulation (GDPR) will come into effect, companies will give customers more control over their online information.
The foregoing law would give the European prosecutors the power to compel companies to hand over the data, bypassing existing legal channels known as mutual legal assistance assistance (MLAT).
Jourova of the three years to ensure serious crimes like terrorism and drug trafficking are covered, but the discussions are still ongoing.
Under the MLAT, which is the people criticized for being unwieldy and slow, a European prosecutor would have to go to the government of the country where the data was stored and asked for.
Some privacy campaigners agree that the MLAT system needs to be changed to the speed up the process, but oppose any moves to requisition personal data across borders.
“The Commission's main point of the course is that, once again, Estelle Masse, Senior Policy Analyst at Acc ess Now, a digital rights advocacy group, said at a conference in late January.
Asked about the Commission's plans, John Frank, vice president for the EU government affairs at Microsoft, said he thought it was generally “a bad idea.”
“I think the international law is pretty clear that police officer exercised outside your territory infringes the sovereignty of other countries, “he said at the same Brussels conference.
“If every country asserts extraterritorial jurisdiction … then everybody gets everybody's data.” – Reuters