On Thursday US tech giant Microsoft committed to store all European cloud-based customer data in Europe amid unrest on the mainland over US personal data collection legislation.
They have announced to process and store their data in the area by the end of 2022 for all customers in the business and public sector in the European Union.
The business is expected to conclude their remaining engineering work by the end of next year under the ‘EU data boundary for Microsoft Cloud’ scheme, ensuring that customers will be able to store their data in the EU with their key cloud service Azure, Microsoft 365 and Dynamics 365.
The US dominates the cloud
The legal status of data stored by Microsoft’s European clients in the cloud with US companies makes the US authorities monitor the data for many years.
These concerns came to the fore last July, when the EU-US privacy shield was set down by the European Court of Justice, a structure which permits enterprises, in line with the Brussels General Data Protection Regulation, to pass their personal data into the United States.
The court found that EU data from US authorities over which Europe has no power or right of redress were not sufficiently covered by this mechanism.
The company’s innovation activities will be completed by the end of next year and will extend to all its key cloud services – Azure, Microsoft 365, and Dynamics 365 – the company said on Thursday.
President Brad Smith said in a statement that Microsoft would consult its customers and regulators in the next few months about this strategy, including changes required in a unique situation, such as cybersecurity.
Microsoft now operates data centers, including in France, Germany, Greece, and Sweden, within 13 European countries.
The collection of data for large organizations has become so extensive that it’s difficult for them to grasp how their data resides and whether it complies with laws like GDPR, and spread across so many countries.
The General Data Protection Regulations of the European Union (GDPR), which came into force in 2018, protect EU individuals’ rights to privately held persons and apply to all entities processing or monitoring EU residents’ personal data, wherever they are.
Core Cloud Services
Microsoft earlier said that, if data are released in breach of GDPR, it would challenge any government requests for EU public sector or commercial customers’ personal data and provide compensation.
Even before the initiative we are introducing today, Microsoft cloud services comply with or exceed EU guidelines. We already offer business and public sector customers the option for EU data to be processed and numerous Azure cloud services can be optimized for EU data processing.
We also use world-class encryption and robust lockbox solutions which comply with current regulatory guidelines.
Many of our services have regulated the customers’ encryption by using customer-managed keys, and we are defending our customers’ data against any government in the world’s inadequate access.
In Microsoft’s efforts, governments on either side of the Atlantic and beyond will continue to be encouraged to solve legal access problems promptly.
We are urged to develop a new system for European personal data that is being transmitted to the United States in ongoing negotiations between the European Commission and the government of the United States. In the near future, we are hopeful about a resolution.