Monday 10 October 2011

Privacy protections in Act apply to all electronic communications stored in the US, court rules

Hi All,

I would like to share with you this topic, related to US privacy law (source: Out-law.com):

A law which gives US citizens certain rights to privacy over their electronic communications also gives protection to non-US citizens if their data is stored on US servers, a US court has ruled. (06 Oct 2011)

You can find the full text at:
http://www.out-law.com/en/articles/2011/october/privacy-protections-in-act-apply-to-all-electronic-communications-stored-in-the-us-court-rules/


I would argue that this law may apply to US and non-US citizens as long as the data is stored in the US domain.

Any other views?

Ban

6 comments:

  1. Thank you, Ban, for posting such an interesting case study.
    Pursuant to the national legislation (4th Amendment and the ECPA), that ruling extends individual privacy protection to a wider range than is known in the US.
    If we assume that the location of the server where the documents are stored is a determining factor, here comes a question. What if I have two Hotmail accounts, one of them stored on a server in China, the other stored in the US domain? Will statutory protection still apply only to the latter?
    Comparatively, what would be the outcomes if this case took place in the UK?

    Any thoughts?

  2. Since I do not have a law background, I wonder if national legislation applies internationally. I guess not!

    Therefore, in this case as it is a national legislation, in my opinion the case applies only to the data stored on servers in the US.

    The question I ask now is: is there such international legislation?

  3. I think the - partial - answer, Ban, is that anyone can invoke these rights in the US. I think you made that point.

    No national law can apply in other countries, and that is the main reason why we have international conventions, even though the enforcement of these can be problematic. An issue may be whether a country can claim control over assets or a company within its jurisdiction. Hotmail is, I think, a US company and would be subject to US jurisdiction regardless of where physical components may be located. There may often be an issue of ownership of companies and subsidiaries, and it may be that Hotmail China is legally distinct from Hotmail US. I don't know, I'm afraid.

  4. It would be much the same here, I'd have thought - a tourist whose data are processed during their stay in the US has the same rights as a UK citizen in respect of the Data Protection Act 1998, for example.

    Similarly, if a tourist makes use of an electronic communications service (or a public telecommunications service) whilst in the UK, they would be entitled to the protection of their privacy, but also be liable to have their communications intercepted by law enforcement, their communications data retained and disclosed and so on.

  5. Data protection should not discriminate on grounds of nationality. However, the geographic location of access should be considered. If, for example, I access the Internet using a UK ISP via a proxy in Asia, I cannot expect the data I am transmitting to be protected, as the country from where I am transmitting may be wide open to access.

    Would it make any difference if I accessed my data via Hypertext Transfer Protocol Secure (HTTPS)?


  6. "If for example, I access the Internet using a UK ISP via a Proxy in Asia I cannot expect the data I am transmitting to be protected"


    It may well be protected, but the problem is the lack of knowledge around the Asian requirements (and practical implications) on telcos. It's for a reason such as this that I route all my web traffic through an encrypted tunnel to the UK, from where it is proxied out to the web; it might not be a perfect solution, and, obviously, it remains interceptable in the UK, since that's the breakout point, but at least it is a jurisdiction with which I'm familiar.

    (Although, to be honest, it's primarily for safety not from law enforcement, but from other prying eyes.)



    "Would it make any difference if I accessed my data via Hypertext Transfer Protocol Secure (HTTPS)?"


    Only in the sense that the interception product of a session using https would not be intelligible, since the traffic is encrypted. It has no impact on disclosure of stored (e.g. retained) data, for example.

    If in doubt, though, switch it on...
