In an important ruling, the US Court of Appeals for the 2nd Circuit has upheld Microsoft's challenge to a warrant which sought the disclosure of information held in Ireland by one of its Irish subsidiaries. The case has raised important questions regarding the power of US authorities to issue warrants for extraterritorial search and seizure, particularly where the disclosure of such information would place the subject of the warrant in breach of local data protection law.
The case relates to a warrant originally issued in December 2013 that required the search and seizure of information associated with an email account, which is stored on servers located in Ireland and owned and operated by Microsoft Ireland Operations Limited. Microsoft sought to quash the warrant on the basis that courts in the US are not authorised to issue warrants for extraterritorial search and seizure.
In its submissions to the Court, Microsoft noted that to the extent that information that is the subject of the search warrant contains personal data, Microsoft Ireland's processing of that personal data is subject to Irish data protection law. Compliance with the search warrant (without following the Mutual Legal Assistance Treaty route) would place Microsoft Ireland in breach of Irish data protection law.
In an indication of the importance of the case, numerous amicus briefs were filed in support of Microsoft by technology and media companies, including Amazon. com, Apple, AT&T, eBay, and Verizon Communications. More than a dozen trade groups and 34 computer science professors also signed onto briefs supporting Microsoft. Ireland also filed an amicus brief in the case on 23 December 2014.
Whilst the outcome of the case provides welcome clarity, we await confirmation of whether the Department of Justice will seek an appeal to the Supreme Court. In the interim, it of course remains open for the Department of Justice to seek the relevant emails under the Mutual Legal Assistance Treaty process.