US Government Agencies Will Soon Be Able To Access Foreign Medical Dossiers Due To Patriot Act

from the radical-transparency dept

"When using a cloud service provider that is subject to U.S. jurisdiction, data may be requested directly from the company in question in the United States. […] From a legal point of view, access to such information cannot be denied and cloud service providers can give no guarantees in this respect. […] The possibility that foreign governments request information is a risk that cannot be eliminated by contractual guarantees. Nor do Dutch privacy laws offer any safeguards in this respect. […] It is a persistent misconception that U.S. jurisdiction does not apply if the data government requests for information do not apply to Dutch users of the cloud. […] legal protection under specific U.S. laws applies primarily to U.S. citizens and residents. […] Given the nature of intelligence work, it is not possible to gain insight into actual requests for information by the U.S. authorities […] Cloud providers will typically not be able to disclose whether such requests are made"

"The transition to cloud computing will, in principle, result in a lower degree of autonomy [...]"

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The US Patriot Act has suddenly scared an entire nation, and it's not the US itself this time. The Netherlands is currently going nuts about the US government being able to request medical details of all its citizens when the Dutch Electronic Patient Database (EPD) is implemented next month. This will not be the only country that freaks out because of the Patriot Act, as this sort of thing is likely to happen a lot more often. A recent study explained that US government agencies can secretly request anyone's data if they are using a cloud-computing service which. It is already sufficient when the service provider is somehow a subsidiary of a US company.That turns out to be a problem in the Netherlands, because the company that has developed the EPD and will be hosting the patients' data on its cloud computing systems is the US-based CSC . The Dutch government and the organization responsible for implementing the EPD are convinced there is no problem, because there are clear contracts which have assigned Dutch jurisdiction, and fortunately the Dutch have stringent data protection laws that will protect patients' sensitive data. Because that's what data protection laws do, right?False! At least with regard to information law, researchers from Amsterdam University warn that this analysis is way too simplistic. According to the scholars, it is quite possible the US government agencies can circumvent data protection laws and could easily request access to medical information of every single person in the Netherlands. The study doesn't just cover the Netherlands (though it is especially timely for that), but rather looks at how these risks may apply more globally. Here are just a few of the findings that should raise eyebrows across the globe:If the above doesn't yet lead to a new international outrage against the US Patriot Act, then the following sentence on the extra-territorial effects of the Patriot Act should at least send shivers down the spines of sovereignty-loving non-US government officials:

Filed Under: europe, netherlands, patriot act, privacy