Microsoft and other US-based internet service providers won a major victory on July 14 at the US Court of Appeals for the Second Circuit, which held that the company is not required to comply with a federal search warrant for customer emails stored on a server in Dublin, Ireland. The ruling is the first by a federal court of appeals to address the extraterritoriality of the Stored Communications Act (SCA) often used in government investigations to obtain data. Whether other courts will follow this groundbreaking ruling remains to be seen.
For now, the court’s ruling also avoids a major conflict between EU and Irish laws that protect personal data located in Ireland from being delivered to US law enforcement through a warrant from the United States. The US government’s ability to compel the production of personal data located abroad has been a significant policy issue concerning the establishment of an EU-US Privacy Shield. The court decision also avoids a conflict with the new European General Data Protection Regulation (GDPR) and the Schrems decision of the European Court of Justice of last October.