Microsoft addresses privacy concerns: Allowing cloud users to store personal data in Europe

January 15, 2024

In a significant move aimed at addressing privacy concerns, Microsoft has announced that it will allow its cloud customers to store all their personal data within the European Union. This decision, outlined in a blog post by Julie Brill, Corporate VP & Chief Privacy Officer, is part of a phased rollout plan for updating the ‘EU Data Boundary for the Microsoft Cloud.’

Background:

The technology giant had previously permitted the processing of some data in Europe, but the recent announcement extends to include all data automatically generated from using Microsoft services.

This development comes after years of negotiations between European Union officials and American tech giants concerning the handling of European data. The primary focus was on ensuring that the data of EU citizens is treated with the same level of privacy protection within the United States, which has less stringent privacy legislation than the EU.

Key enhancements:

Microsoft’s update on the EU Data Boundary for the Microsoft Cloud focuses on three crucial areas:

Expanded local storage and processing: Microsoft has broadened its European storage commitments to include all personal data within the EU Data Boundary. This encompasses Azure, Microsoft 365, Power Platform, and Dynamics 365. This move positions Microsoft as the first major cloud provider to offer such extensive data residency for European customers.

Transparency resources: Recognizing the importance of transparency, Microsoft is providing new resources, including documentation and other information accessible on the EU Data Boundary Trust Center webpage. This initiative aims to give customers a clear and comprehensive view of data handling, limited transfers, and data protection processes.

Investments in data protection: Microsoft has made significant investments in deploying EU-based technology to enhance the protection of pseudonymized personal data within the boundary. This ensures that when accessed remotely for monitoring system health, there is no need for physical data transfers or storage outside the EU. This is achieved through the deployment of virtual desktop infrastructure in the EU Data Boundary.

Future phases and commitments:

Microsoft plans to continue its phased approach to the rollout of the EU Data Boundary. The next phase, expected later this year, will focus on transforming processing and storage capabilities for data required during technical support interactions. Additionally, Microsoft is developing a future paid support option that will provide initial technical responses from within the EU.