Microsoft to keep all European cloud customers’ personal data within EU


Microsoft will store all cloud customers’ personal data within the European Union rather than allowing transfers abroad, the company said on Thursday — the latest step in ongoing efforts by cloud providers to navigate varying privacy regulations across jurisdictions.

Under the new policy, Microsoft will keep within what it calls the “EU data boundary” all customer data across the company’s cloud services, like Azure, Microsoft 365, Power Platform and Dynamics 365.

This includes “pseudonymized personal data,” which is found in system-generated logs and has been altered so as not to be directly linked to an individual — “making Microsoft the first large-scale cloud provider to deliver this level of data residency to European customers,” the company said in a release.

In December 2022, Microsoft announced it would soon begin the rollout of localized data storage. The first phase, implemented last year, involved storage within the EU of some personal data, but not information held in system-generated logs.

In recent years, Microsoft and other tech giants have found themselves in regulators’ crosshairs over data transfers from the bloc, whose General Data Protection Regulation (GDPR) privacy law is the world’s most stringent. In May 2023, Meta was fined $1.3 billion by the Irish Data Protection Commission over transfers to the United States, where protections are limited and there are concerns about sensitive information ending up in the hands of law enforcement.

In July 2023, a new “Data Privacy Framework” between the EU and U.S. was agreed upon, allowing data transfers as long as protections are made. Nonetheless, Microsoft appears to be moving forward with its EU Boundary plan, and in October Amazon announced it would roll out a separate “European Sovereign Cloud” service, which would keep customers’ metadata within the bloc.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Ransomware gang targets nonprofit providing clean water to world’s poorest

Next Post

Vulnerability affecting smart thermostats patched by Bosch

Related Posts

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attacker
Omega Balla
Read More