Hague reassures MPs on Office 365 data storage as Microsoft ordered to hand over email data

UK government reassures MPs parliamentary data is safe on Microsoft servers as US judge finds Microsoft in contempt for refusing to hand over data

The UK government has reassured MPs their parliamentary data is safe on Microsoft servers in Ireland, as a US judge finds Microsoft in contempt of court for refusing to hand over email data stored on a server in Dublin. 

William Hague, the leader of the House of Commons, has responded to concerns raised by an MP about the security of parliamentary data stored on Microsoft’s Cloud-based servers in Europe.

“The relevant servers are situated in the Republic of Ireland and the Netherlands, both being territories covered by the EC Data Protection Directive," William Hague wrote in a letter to John Hemming, MP for Birmingham Yardley.

"Any access by US authorities to such data would have to be by way of mutual legal assistance arrangements with those countries.”

Hague implied MPs’ emails and documents would be protected from US surveillance, as the American courts would be unable to override the EU data protection regulations that protect the private information.

“The US authorities could not exercise any right of search and seizure on an extraterritorial basis,” Hague said.

Microsoft in contempt

However,  Hague’s assurances were called into question after a US court found Microsoft in contempt for refusing to hand over copies of emails, stored on a server in the Republic of Ireland, to the US government.

US District Judge Loretta Preska made the judgement after Microsoft requested to be found in contempt, to take advantage of the right to appeal that follows a contempt ruling. The US government claims the emails are connected to drugs trafficking.

Parliamentary correspondence at risk from US surveillance

John Hemming MP told Computer Weekly Hague’s reassurances carried little weight in the face of aggressive legal action by the US government. 

“The Microsoft case makes it clear that, in the end, the fact that Microsoft is a US company legally trumps the European Data Protection Directive," said Hemming.

"And where [the letter says] the US authorities could not exercise a right of search and seizure on an extraterritorial basis, well, they are doing that, in America, today.”

Whether or not the US Supreme Court will uphold the right to make extraterritorial searches remains to be seen, said Hemming. If Microsoft is let off, there will be implications for the security of all other extraterritorially stored data. “But,” Hemming added, “it is a secret court.”

Concerns over cloud security

“So I think the parliamentary authorities need to think very carefully about whether their chosen solution is appropriate.”

Parliament migrated MPs’ and peers’ mailboxes to Microsoft’s Office 365 cloud servers in July 2014.

Hague wrote to Hemming, an IT specialist, after he raised concerns about the security of parliamentary data stored in the cloud.

Hague’s letter was co-signed by Alan Haselhurst, chairman of Parliament’s Administration Committee. 

Parliamentary data exempt from MI5 scrutiny

Parliamentary correspondence has statutory exemption from scrutiny by the British security services. Hemming questioned whether a situation in which American intelligence officials may access it at will is constitutionally acceptable.

“The law of Parliament states that the security services are not allowed access to parliamentary emails. I find it a bit odd that we establish a legal position where a foreign country’s security services are allowed access but ours are not.”


Read more on Cloud computing services

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Moving to Office 365 was a stupid idea. Don't get me wrong I love the product and service as much as anyone else I even resell it however a governments data should only be in the hands of the government. Sounds like someone mentioned the cloud and everyone jumped onto it what they should have done if anything is moved to a hosted exchange solution in a UK data centre run by a UK company, which would appear to be very similar but in regards to where it is hosted and who would be allowed to legally gain access to it that would be down to our legal system and the EU.


Any organization who make use of Office 365 or public cloud SaaS applications and have concerns about privacy and information security should take a hard look at the zero trust model offering from cloudmask.com. It is simple to implement, is transparent to the service provider and provides "data anonymity".