Under the provisions of the US Patriot Act, the personal data of SaaS customers based in the EU could be shared with US law enforcers without the customer being informed, although this conflicts with EU data protection laws. The Act applies not just to SaaS suppliers owned by a US company but also to any SaaS supplier using the services of a US subsidiary for data processing or a US data centre.
The Patriot Act
Under EU data protection laws, SaaS suppliers must tell customers when they are asked to disclose personal data. However, such provisions conflict with a SaaS supplier’s obligations to comply with the Patriot Act.
The Patriot Act gives US law enforcement authorities the right to access personal data held by SaaS suppliers, regardless of where in the world the data is stored. The Act also gives US law enforcers the right to prevent SaaS suppliers from informing their customers that they have had to hand over personal data.
Conflict with EU Data Protection Laws
If the Patriot Act applies to you, you should have procedures and measures in place to deal with any requests for information under the Patriot Act. These procedures need to be set out clearly in your SaaS agreement, bearing in mind your obligation to comply with this particular US law.
For example, Microsoft states in its SaaS privacy policy: “in a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service).”
Help
Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years’ experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues, contact me:
irene.bodle@bodlelaw.com
www.bodlelaw.com