On Friday, the U.S. Department of Justice filed a petition seeking the Supreme Court to consider an ongoing legal case about access to data stored overseas. But the courts are powerless to craft a balanced policy for law enforcement access to data stored abroad. Only Congress can do it.
The Microsoft Ireland case goes before a Second Circuit Court of Appeals on September 9. The case raised this fundamental question: when U.S. law enforcement wants a U.S. email provider to provide them with information about a foreign national, whose law applies? U.S. law or the law of the data subject’s country? Microsoft’s brief, the United States brief, and legal commentary all focus on the location of the data as the key element in reaching a decision. But this leads to insoluble difficulties, not matter who wins the case. A better alternative would focus on the citizenship or the location of the user as the key element. This appropriately takes into account the privacy interest of the user in that country as well as the sovereignty interests of the country itself.