One of the great regulatory challenges of the Internet era—indeed, one of today's most pressing privacy questions—is how to define the limits of government access to personal data stored in the cloud. This is particularly true today because the cloud has gone global, raising a number of questions about the proper reach of one state's authority over cloud-based data. The prevailing response to these questions by scholars, practitioners, and major Internet companies like Google and Facebook has been to argue that data is different. Data is “unterritorial,” they argue, and therefore incompatible with existing territorial notions of jurisdiction. This Article challenges this view.
The Article argues that the jurisdictional challenges presented by the global cloud are not conceptually as novel as they seem. Despite the technological wizardry of modern life, the “cloud” is actually a network of storage drives bolted to a particular territory, and there is substantial case law suggesting that courts think of data as a physical object. Moreover, even if the cloud were a free-floating ether, data can be thought of as an intangible asset, like money or debt, which flows across borders; courts have been adjudicating such jurisdictional disputes for centuries. These precedents suggest numerous grounds for states to assert jurisdiction over data—not a single test, as major Internet companies claim.
After showing that these jurisdictional problems are not unprecedented, the Article draws from these precedents and outlines practical steps that courts, Congress, and the President can take to alleviate jurisdictional conflicts over the cloud. As Microsoft's cross-border dispute with the U.S. Department of Justice works its way through the courts, the President negotiates a treaty with the United Kingdom regarding cross-border access to the cloud, and Congress rewrites the Electronic Communications Privacy Act, finding a grounded approach to addressing this problem—one rooted in longstanding jurisdictional and conflicts principles—has never been more critical.
Woods, Andrew Keane, "Against Data Exceptionalism" (2016). Law Faculty Scholarly Articles. 593.