Microsoft’s EU data protections are not adequate

Get a free Techzine subscription!

Microsoft has announced that it has plans to ensure data processing for EU cloud services within the borders of the bloc. The plans have led expert observers to make claims that show problems with the software giant’s existing setup.

The problems extend to the UK’s public sector organizations that want to comply with government guidelines as well as the issue of personal data held in the EU that can be potentially accessed using US security laws.

Brad Smith, the president, and chief legal officer at Microsoft, had some things to say about this.

Smith’s blog post

In a blog post, Smith explained that the software and cloud services company would, by the end of next year, enable EU Azure, Microsoft 365, and Dynamics 365 customers to process all their data within the physical border of the bloc.

A statement like that raises questions. One of those questions is ‘if this a plan for next year, it means that it is not happening now so, what kind of set up or arrangement is currently in place.

Smith said that Microsoft cloud services already comply with EU guidelines. He said that customers can choose to have data stored in the EU with many cloud services already configured to do the same.

We will find out more

Microsoft had already engineered its core cloud services to store and process all personal data for EU commercial and public sector customers. The plan includes any personal data in diagnostics or service-generated data and personal data used to provide technical support.

More information about how this works will be released at Microsoft’s EU Cloud Customer Summit in the autumn.

Some Microsoft decisions in the EU are not compliant with the bloc’s laws and have been called ‘not lawful’ by some and ‘just smoke and mirrors’ by others.