Microsoft president and chief legal officer Brad Smith has presented a new safe harbor pact to replace the agreement struck down earlier this month by the European Court of Justice (ECJ).
The ECJ ruled that transferring Europeans' private information in and out of America is no longer allowed because America's privacy laws aren't compatible with the EU's. The US and Europe had a safe harbor pact permitting this flow of personal data over the Atlantic, but the court tore it up, which is a major problem for Silicon Valley.
More ReadingDutch court says BREIN should get e-book uploaders' namesSilicon Valley freeze-out: EU watchdog tells firms clock is ticking to limit data transfersEuro privacy warriors: You've got until January to fix safe harbor mess – or we unleash hellOn its way: A Google-free, NSA-free IT infrastructure for EuropeIs streaming pirate video legal? Europe's highest court will take a look
Smith agreed the system had to change, but warned of the dangers of a Balkanized internet – a Euro internet versus an American one – saying it would lead to "a return to the digital dark ages."
"It's an opportunity whose time has come," he said in a blog post. "This month the old legal system collapsed, but the foundation long ago had crumbled. In recent years it has been apparent that a new century requires a new privacy framework. It's time to go build it."
Microsoft's plan is ridiculously straight forward: a new legal framework for handling data, where blocs on both sides of the Atlantic agree to play by each other's rules. American firms with European customers would handle their data in compliance with EU rules and vice versa.
That changes, however, if an EU citizen lives in the US or if an American moves to Europe. In that case the data rules used match the physical location of the customer. Finally, governments seeking data on a customer must only get it through the company that operates the data, to ensure the rules are followed.
"There are other nuances and complexities that should be considered as well. There always are," he said.
"But this fundamental approach would cut through the existing legal confusion by making clear both that people will not lose their privacy rights when their data is moved across a border, and that there is an effective and legally proper basis for law enforcement to access the data needed to keep the public safe."
Microsoft laying out its plan in this way is certainly useful to the debate, but El Reg suspects it won't be as easy as that. Getting the new rules past the EU, which is currently sore over NSA spying, will be tricky, and getting the US Congress to act will be akin to herding cats. ®