SaaS Agreements – Data Protection – The UK Patriot Act

Recently SaaS suppliers have seen a marked increase in EU customers raising concerns about disclosure of their data to US law enforcement authorities under the Patriot Act – an American anti-terrorism law – particularly where the SaaS supplier has a parent company in the USA or data is being hosted or processed in the USA.  Now to add to your problems, the UK Government plans to introduce its own “Patriot Act” type law in the near future.

Proposed Increase in E-Mail and Web Monitoring  in the UK

According to the BBC and Guardian websites, a controversial new English law is expected to be announced in the Queen’s speech on the 9th of May. The proposed new law will allow the UK police and security services to access the Web and Internet phone traffic of all UK residents. This will include access to all phone calls (made via the Internet), emails, social media exchanges and website visits.

Information that may be Disclosed

The proposals will grant UK police and security services the right to see:

  • the time of a call, email, or website visit;
  • the duration of the call or visit;
  • which websites or phone numbers were called; and
  • details of the sender and recipient of emails, such as IP addresses;

without any need for first obtaining a court warrant.

If a warrant is obtained, then the content of such messages will also be disclosed upon request.

Justifications for the New Law

The proposed legislation will loosen the existing surveillance arrangements set out in the Regulation of Investigatory Powers Act. The Government claims these new rights are needed to give the police and security services extended powers to enable them to investigate serious crime and terrorism. The same argument used in the USA prior to the introduction of the Patriot Act. The new law will in effect give the UK police and security services rights very similar to those granted to US authorities under the Patriot Act.

Problem for SaaS Suppliers

If this proposed new law is adopted, UK based SaaS suppliers will face increased difficulties in:

  • persuading customers to move across from more traditional suppliers to the SaaS model; and
  • allying customer concerns about the security and confidentiality of data.

Previous problems raised by SaaS customers over the application of the Patriot Act will fade into insignificance in comparison with these new UK rights.


Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

To register for my newsletter click here


Other related articles: