In effort to resolve privacy worries, Microsoft is to allow its cloud customers to store all personal data within EU. Microsoft has confirmed that it will allow cloud customers to store all their personal data within the European Union, in an effort to allay privacy concerns.
Microsoft confirmed the move in a blog post by Julie Brill, corporate VP & Chief Privacy Officer, in which she announced that Microsoft is updating the 'EU Data Boundary for the Microsoft Cloud' as part of a phased rollout plan.
The tech giant had previously allowed the processing of some data in Europe, but is now also including the data automatically generated from using Microsoft services.
It comes after European Union officials and American tech giants have been engaged in years of negotiations over the handling of European data.
Brill said that the enhancements for the EU Data Boundary for the Microsoft Cloud focus on three areas, firstly by delivering the EU data boundary graphic by expanding its European storage commitments to include all personal data within the boundary.
Microsoft said this avoids the need for physical data transfers or storage outside the EU by deploying virtual desktop infrastructure in the EU Data Boundary for monitoring our systems.
Microsoft said it is maintaining its commitment to world-class cybersecurity, and alongside its continuous monitoring services, it will ensure that any data transfers outside the EU for security purposes will be documented, limited to what is required for crucial cybersecurity functions, and used only for these cybersecurity purposes.
Other tech firms have been rolling out data storage and processing capabilities in the EU following privacy and security legislation.
Amazon Web Services for example said in October it would allow data storage on servers located in the EU, as part of its so called 'AWS European Sovereign Cloud'.
The issue of transferring European user data to American servers has long been a bug bear for the European Commission and privacy campaigners.
Initially, the EU-US Safe Harbour deal which had been in place since 2000 governed data transfers to the US, but right from the start it proved controversial with ongoing concerns about US spying.
The European Court of Justice in 2015 suspended the original Safe Harbour agreement, in the wake of the Edward Snowden revelations about the scale of US and its NSA agency spying on friends and allies.
The Privacy Shield was then drafted, but the United States and the European Union were forced to change it after an initial agreement submitted in February 2016 was rejected by European Watchdogs for not being robust enough.
The two sides then agreed to stricter rules for American companies holding information on Europeans and clearer limits on US surveillance.
This reworked Privacy Shield agreement was then approved by EU member states and adopted in July 2016.
In July 2023 the he European Commission reached a new data transfer pact with the United States called the 'Trans-Atlantic Data Privacy Framework'.
The EU said this agreement ensured an adequate level of protection - comparable to that of the European Union - for personal data transferred from the EU to US companies under the new framework.
This Cyber News was published on www.silicon.co.uk. Publication date: Thu, 11 Jan 2024 15:13:03 +0000