There is more to data accessibility than eDiscovery / eDisclosure which is my main subject. The use of data in one jurisdiction which exists in another is of growing concern, and not just to lawyers. The subject comes up again only a few days after I last wrote about it.
My recent article Conflicting positions on accessibility of data covered two different aspects of an increasingly important subject, the so-called “right to be forgotten”, and the increasingly insistent demands from US courts and agencies for access to emails and other data held outside the US. The work of the NSA comes into a third and rather different, since at least the first two involve some consideration of competing interests and conflicting laws; spies don’t worry too much about that sort of thing.
The first two subjects were conjoined in an article by Neil Cameron to which I referred in my own article. He has written again on the “right to be forgotten” following the publication of a report by the House of Lords EU sub-committee to which Neil gave evidence. The report is called EU Data Protection: a “right to be forgotten”? Note both the quotation marks around “right to be forgotten” and the question mark at the end. Neil Cameron says:
The good news is that the Committee has unreservedly, if not robustly, concluded overall that the so-called “right to be forgotten” (as it is currently defined by the ECJ and demonstrated by Google’s current attempts to conform to the judgment) “must go. It is misguided in principle and unworkable in practice” and that in the light of current technology “it is no longer reasonable or even possible for the right to privacy to allow data subjects a right to remove links to data which are accurate and lawfully available.”
Meanwhile, Microsoft has lost in its current bid to deny a US court access to emails stored on its Dublin servers. You might like to see an article on ZDNet called Microsoft ordered to hand over overseas email, throws EU privacy rights in the fire. The subject is further analysed in an Inside Counsel article called Microsoft will appeal judge’s decision on data stored in Ireland.
You may be interested also in Google’s reply to the EU’s article 29 working party to its complaints about Google’s implementation of the decision by the European Court of Justice in the Google statement case.
As with so many things, it is easy to be dogmatic and black and white about these conflicts. Speaking for myself:
I am against the US judicial imperialism implicit in the claimed right to demand documents from foreign servers.
I am against the idea that Google is a data controller which can be muzzled at the behest of the court, an individual or a business apart from questions of defamation and the proper protection of intellectual property.
I am against the UK’s so called “Snoopers’ Charter” not on principle, but because I do not believe that the relevant authorities can be trusted either as a matter of competence or as one of ethics – how long before the snooping right is abused by some semi-literate and officious pen-pusher in a local authority, by a humourless and stupid little runt at the Crown Prosecuting Service like the one who initiated the airport Twitter prosecution, or by those under-cover policemen recently caught sharing the lives of environmental activists incognito?
Most of all, I am against the untargeted collection of communications data by the NSA.
A more rounded view is required, however. Is it right that US corporations can put data beyond the reach of US courts by simply moving it to foreign servers controlled by foreign subsidiaries? Should Google be at liberty to disseminate personal data without any right given to the subject of that data to complain about it? At a time of increasing terrorist and criminal cyber-activity, can one properly deny to the state the power to keep an eye on those who would do us harm?
If you think there are simple choices here, you are not thinking enough.