Microsoft has published a blog post written by president and chief legal officer Brad Smith, in which he calls on the US government to respect EU privacy laws for the personal data of its citizens. The note describes privacy as a 'fundamental human right' and urges the US government to commit to only accessing private information stored in the United States about EU citizens in a manner that 'conforms with EU law, and vice versa'.

Microsoft's decision to publish the blog post, a move which may appear unconventional for a major US company, is reflective of broader private sector concerns about the collapse of the Safe Harbour framework and the need to engineer a successor by January 2016. Under the Safe Harbour agreement, major technology companies have been allowed to store the personal data of EU citizens on American servers, and US privacy laws have been considered sufficient safeguards for that data by EU officials. The pact was designed to make it easier for technology companies to do business in both the EU and US without needing to set up separate servers.

However, the Court of Justice of the European Union (CJEU) rocked companies earlier this month by ruling that transatlantic transfers of personal data facilitated under the Safe Harbour agreement are likely to become illegal across the EU. The decision appears to be immune to circumvention through new legislation, as the CJEU based its ruling on the EU Charter of Fundamental Rights, with which all new laws must comply.

'On October 6, the Court of Justice of the European Union struck down an international legal regime that over 4,000 companies have been relying upon,' writes Mr Smith, 'We need a global internet. At least from a legal perspective, this challenge would be straightforward if data did not need to move around. New laws might command that everyone's information stay inside one's own country or perhaps even on one's own devices. But that would require a return to the digital dark ages.' Mr Smith's post concludes by calling on governments to embrace the collapse of Safe Harbour as an opportunity to modernise old laws and legal processes to suit the needs of business in the digital age.

Among the recommendations put forward by Mr Smith for transatlantic data protection post-Safe Harbour is a caveat that deference to EU privacy laws be waived in instances where an EU citizen is physically located in the US, in which case US privacy laws should take precedence. Sources: Microsoft Blog; Ars Tecnica UK