I’ve commented frequently about the tendency of foreign governments to interfere with speech rights in pursuit of legitimate public policy objectives. Is there hate speech or terrorist material online? Let’s require websites and social media platforms to purge it from their systems. Is there outdated or irrelevant material online? Let’s require search engines to delete links to this material. Is there fake news? Let’s require online websites to block it. In each case, the law would go too far. It would restrict far more speech than is necessary to achieve legitimate policy goals.
The Microsoft Ireland case goes before a Second Circuit Court of Appeals on September 9. The case raised this fundamental question: when U.S. law enforcement wants a U.S. email provider to provide them with information about a foreign national, whose law applies? U.S. law or the law of the data subject’s country? Microsoft’s brief, the United States brief, and legal commentary all focus on the location of the data as the key element in reaching a decision. But this leads to insoluble difficulties, not matter who wins the case. A better alternative would focus on the citizenship or the location of the user as the key element. This appropriately takes into account the privacy interest of the user in that country as well as the sovereignty interests of the country itself.