Sun May 16 2021
Microsoft have confirmed work on the new cloud-based storage solution has already begun
By the end of 2022, Microsoft has pledged that their European commercial and public sector clients will be able to store the majority of their data within the EU.
The new data storage initiative, which Microsoft has dubbed the EU Data Boundary for the Microsoft Cloud, will apply to all of Microsoft’s core cloud services, including Azure, Dynamics 365 and Microsoft 365.
The data under discussion will include and service-generated data and/or any personal data in diagnostics, as well as the personal data that Microsoft uses when providing tech support to its clients.
As part of operation ‘EU Data Boundary for the Microsoft Cloud’ technical controls will also be extended for cloud-based services such as Lockbox or customer-managed encryption for data.
As part of the project Microsoft will be consulting with both customers and EU regulators about the new Data Boundary plan, including any changes needed for concerns such as cyber-security.
The EU Data Boundary for the Microsoft Cloud announcement comes amidst a growing sense of unease in the EU over the data residency issue as it’s known, as well as the reach of law-enforcement agencies in other territories making unauthorised access to EU data, especially from the US.
For years most companies, including Microsoft, relied on something called the Standard Contractual Clauses (SCCs) or Privacy Shield for specific EU-US data transfers.
However, back in 2013, an Austrian law student named Max Schrems, asked the Irish Data Protection Commissioner (DPC) to look at Facebooks sending of his data to the US and whether that was a breach of the EU’s data protection laws.
That complaint bounced from the DPC to the Irish High Court, where it was referred to ECJ (European Court of Justice).
This led the ECJ to eventually annulled the EU-US data sharing agreement (known as Safe Harbour) which was replaced by the Privacy Shield Framework.
However… Last July the ECJ ruled Privacy Shield was also invalid as it wasn’t fit-for-purpose in protecting European Citizen’s rights from US surveillance.
Hence the EU Data Boundary for the Microsoft Cloud.
The EU Data Boundary programme will store data in thirteen countries, France, Germany, Greece, Austria, Denmark, Ireland, Italy, Norway, Spain, Poland, Switzerland, Sweden and the Netherlands, and won’t require Microsoft clients or end-users to migrate their data, as it will be done automatically for them at zero cost.
Today's update is part of our commitment to the EU's vision for a 'Europe Fit for the Digital Age,' and an acknowledgement of the role the technology sector needs to play in helping Europe realise its digital aspirations. In addition to processing our commercial and public sector customers' personal data in Europe, we are also creating a Privacy Engineering Centre of Excellence in Dublin to guide our European customers in choosing the right solutions for building robust data protection into their cloud workloads, including to meet regulatory requirements. We are committed to helping build 'Tech Fit 4 Europe'.
Sun May 16 2021