Microsoft to keep all European cloud customers’ personal data within EU

Avatar

Microsoft will store all cloud customers’ personal data within the European Union rather than allowing transfers abroad, the company said on Thursday — the latest step in ongoing efforts by cloud providers to navigate varying privacy regulations across jurisdictions.

Under the new policy, Microsoft will keep within what it calls the “EU data boundary” all customer data across the company’s cloud services, like Azure, Microsoft 365, Power Platform and Dynamics 365.

This includes “pseudonymized personal data,” which is found in system-generated logs and has been altered so as not to be directly linked to an individual — “making Microsoft the first large-scale cloud provider to deliver this level of data residency to European customers,” the company said in a release.

In December 2022, Microsoft announced it would soon begin the rollout of localized data storage. The first phase, implemented last year, involved storage within the EU of some personal data, but not information held in system-generated logs.

In recent years, Microsoft and other tech giants have found themselves in regulators’ crosshairs over data transfers from the bloc, whose General Data Protection Regulation (GDPR) privacy law is the world’s most stringent. In May 2023, Meta was fined $1.3 billion by the Irish Data Protection Commission over transfers to the United States, where protections are limited and there are concerns about sensitive information ending up in the hands of law enforcement.

In July 2023, a new “Data Privacy Framework” between the EU and U.S. was agreed upon, allowing data transfers as long as protections are made. Nonetheless, Microsoft appears to be moving forward with its EU Boundary plan, and in October Amazon announced it would roll out a separate “European Sovereign Cloud” service, which would keep customers’ metadata within the bloc.

TechnologyBriefsIndustry
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.

 

Total
0
Shares
Previous Post

Ransomware gang targets nonprofit providing clean water to world’s poorest

Next Post

Vulnerability affecting smart thermostats patched by Bosch

Related Posts

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA),
Avatar
Read More