A recent ruling by a federal appeals court states that the U.S. government could not force a company to turn over third-party communications content stored outside the country. The Second Circuit Court of Appeals (Court) agreed with Microsoft that a request to produce customer content held in Ireland was beyond the scope of the Stored Communications Act.

“It’s an extremely significant decision [that the Act] does not authorize a U.S. district court to issue a search warrant to seize data being held by ISPs or remote computing services (cloud services) outside the territorial U.S.,” Edward McAndrew, Ballard partner, told The Cybersecurity Law Report.

“This is a domestic law enforcement investigation into drug trafficking and money laundering with a warrant directed to a U.S.-based company,” he said. “The real significance is that we now have the Second Circuit saying that district courts are not authorized to issue search warrants to U.S. companies for data stored outside of the United States.”

The decision counters arguments from the E.U. that the U.S. legal system is not respecting personal privacy. The Privacy Shield is a “response to European concerns over U.S. domestic and foreign law enforcement and intelligence activities,” McAndrew said. “This decision is consistent with the Privacy Shield objectives, although it’s not directly related to the Privacy Shield. It highlights a greater respect for the privacy rights of account holders, wherever they or their data may be.”