Twitter subpoenas: Highlighting the problem with globalized data

Birgitta Jónsdóttir, a member of the Althing – the parliament of Iceland – and a former Wikileaks supporter has apparently been informed by Twitter that the US Department of Justice has demanded that Twitter turns over the stored Twitter data they have regarding her account. This includes all actual tweets as well as some personal information about her. Not surprisingly, she is regarding the subpoena as a breach of privacy since she is not suspected of any crime. While Twitter have chosen to actually inform the targeted person of the existence of the subpoena, there seem to be a rising suspicion that other companies such as Google and Facebook are not as open toward their users. Which of course makes it an even worse privacy break since the persons are not even aware of that their personal information are eventually turned over to a third party, no matter that the third party happens to be a US governmental body.

The main problem here is not only the fact that personal user data aren’t as protected as the users in most case presume it to be, but also the fact that personal data belonging to persons not even in the legal jurisdiction of a country can be submitted to that country’s views of legality when it comes to data protection. In one way, if the process described in this case is deemed legal by US courts, it is perfectly legal. A sovereign state has the full right to have a bad legal protection when it comes to data – so long as it doesn’t go against any potential international treaties and agreement said state has signed of course. The problem however takes on a diffent dimension when personal data given up by persons not residing in or in any way having a connection to said state end up getting their personal information ceded to the authories in that state.

Now, of course there most likely is a clause in the user agreements for both Twitter, Facebook and Google that states something like that the user agrees to having their personal data stored and handled in the USA, and as such being under the jurisdiction of the US legal system. But the real question is how many of the millions of international users who are actually aware of this fact. Data protection and safety are tricky things, since they are so elusive in their geographical attachment.