Data Responsibility

IBM’s Unwavering Commitment to Protecting Client Data

Share this post:

By Christopher A. Padilla, Vice President, IBM Government and Regulatory Affairs

In 2014, IBM was among the first American technology companies to state publicly that we were not involved in bulk data collection programs implemented by the U.S. government. That same communication to our global client base spelled out clearly the steps IBM would take to challenge U.S. government requests for access to client data, stored in other countries, that did not respect international legal agreements.

More recently, as part of our global commitment to the responsible stewardship of data, we reiterated our position addressing requests for data access made by any government.

Passage of new legislation in the United States has prompted fresh questions about the ability of law enforcement agencies to access data stored abroad. The Clarifying Lawful Overseas Use of Data – or CLOUD – Act does not provide a “backdoor” to client data stored outside the United States. It sets up a new mechanism by which governments may agree to provide lawful access to data stored under their jurisdiction to another government, under pre-agreed legal conditions and safeguards such as judicial warrants.

IBM has earned the trust of our clients over more than a century of doing business. We take seriously our obligation to preserve that trust, and this legislation in no way alters IBM’s stance on government access to client data. We have reiterated our clear, longstanding position in the following statement:

“IBM has well-established policies and practices, summarized in Data Responsibility@IBM and initially put forward in 2014, which make very clear that IBM will not provide access to client data stored outside the lawful jurisdiction of any government requesting such data, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs).”

“The CLOUD Act establishes an additional legal channel by which governments could agree bilaterally on procedures and safeguards to handle lawful requests for data stored under each other’s legal jurisdiction.”

“In the absence of such a bilateral agreement or other internationally recognized legal channels such as an existing MLAT, IBM will take appropriate steps to challenge requests for data stored outside a government’s legal jurisdiction through judicial action or other means.”


Media Contact:
Adam R. Pratt
Ph: (202) 551-9625

More Data Responsibility stories

IBM Statement on the Digital Services Act and Digital Markets Act

IBM’s statement on the European Commission’s Digital Services Act: “IBM welcomes the European Commission’s proposal for a Digital Services Act. We are pleased the Commission adopted a ‘precision regulation approach’ that is focused clearly on tackling illegal content online, something IBM has long called for. We believe this proposal can build greater trust in technology and […]

Continue reading

The future of cross-border data flows must include high standards of protection

  The data security debate While the pandemic has forced individuals, companies and governments to adapt to a world that is more virtual than ever before, increased internet access and data flows were fueling the digital transformation long before the present crisis. Meanwhile, concerns from governments about the safety, security, and use of data are increasing — underscoring the urgent need […]

Continue reading

301 Tariff Relief: Immediate Actions to Support American Advanced Manufacturing

Earlier this month, IBM CEO Arvind Krishna sent a letter to President-Elect Biden committing our company to support the Administration in tackling the monumental challenges facing the United States.  Arvind noted that throughout its history, IBM has supported the visions of presidents in times of crisis and profound change. One of the most pressing challenges […]

Continue reading