The privacy of cloud computing services has been significantly bolstered by a ruling that the United States government cannot force Microsoft to provide emails and other personal data located on overseas servers.

In December 2013, a New York court issued a warrant demanding emails stored by Microsoft in an Irish data centre from a subject under investigation be turned over to the US Justice Department. The government argued that the US Stored Communications Act gave it the authority to use a warrant to collect these emails despite the server being located abroad. Microsoft refused to comply, arguing that allowing the warrant to be enforced eroded global privacy.  It stated that if people worldwide were to trust Microsoft technology, they had to trust that the security of their personal information would be protected by the laws of their own country, not superseded by US law. This stance was backed by a large number of its tech rivals, including HP, Cisco and Amazon. 

The resulting appeal has been attentively watched worldwide, highlighting the tensions between a European-style approach that closely guards personal privacy and increasing requests from the US government to access such information for, among other things, the fight against terrorism and crime.  Within the US, it is a further installment in the on-going fight as to how much power the government has to force tech companies to help them gather data in investigations: this case follows closely on the heels of the US government's failed attempt to require Apple to unlock the iPhone belonging to the San Bernadino shooter so that it could access personal data held on that device.

This ruling could have wide-ranging effects in relation to the security of personal information stored in the cloud. It might well influence companies' decisions about where to locate their servers, placing them outside of the US in order to protect their users' data sovereignty. Further, it might entice users of cloud services to choose businesses with servers located in alternative jurisdictions, whether this is to protect their own privacy or for nefarious purposes. It also emphasises the disconnect between laws that were drafted decades ago, and the international flow of data that is commonplace today. 

This might not be over yet: the US Justice Department has already stated its disappointment with the decision and that it is considering its options. Until analogue legislation is updated to fit into a digital world, this current reprieve may only represent the eye of the storm.