Despite the results of the study, firms in other countries should be "reluctant" to turn over data to U.S. cloud providers, said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy group.
Since the Sept. 11, 2001, terrorist attacks on the U.S., "the U.S. government has simply been far more aggressive in its demands for data from other jurisdictions than have other governments," Rotenberg said in an email. "The U.S. is also widely believed to have more powerful data processing tools than any other government. There is simply no other spy agency that competes with the NSA [U.S. National Security Agency]."
The study surveyed the laws in 10 countries, and all 10 allow the government to require a cloud provider to turn over consumer data in the course of an investigation. In eight of the 10 countries, cloud providers may voluntarily turn over some data to the government in response to an informal request, the exceptions being the U.S. and Japan.
Eight countries do not require the cloud provider to notify its customer when it turns over data to government investigators. German and U.S. law allows cloud providers to notify customers, with some exceptions.
All 10 countries allow government agencies to monitor electronic communications sent through the systems of cloud providers, the study said. Eight of the 10 countries allow government investigators to require cloud providers to turn over information stored on a server in another country. Germany and Japan do not allow such access, with some exceptions.
Sign up for CIO Asia eNewsletters.