Microsoft announced that it will keep the information of European users within the limit established by the laws of the European Union. The technology giant will not transfer personal data to servers abroad, except for specific cases related to cybersecurity. The company promised greater transparency and security mechanisms to protect information.
In an entry published on your blog, Microsoft offered an update to its cloud storage strategy. More than a year ago, the company announced a program to protect the data of people and companies in the EU. After offering it in services such as Microsoft 365, Azure, Power Platform and Dynamics 365, the technology company confirmed that the measure will apply to all its users.
Microsoft made adjustments to its infrastructure, so as of January 2024, all personal data is located at the border of the European Union. This includes pseudonymized information, which includes personal data that cannot be attributed to a user without the use of additional information.
“Today, building on that initial release, Microsoft further expands our local storage and processing to include all personal data, such as automated system logs, making Microsoft the first large-scale cloud provider to offer this level of data residency to European customers,” stated Julie Brill, Corporate Vice President and Chief Privacy Officer. “With this expansion, the EU data cap allows our customers to store and process even more data within the European Union and enriches customer control.”
According to Brill, Data transfers to external servers will be limited to what is necessary for crucial cybersecurity functions. Microsoft promised transparency and detailed documentation when these cases occur.
Microsoft, obliged to comply with data protection laws in Europe
Unlike Meta, Microsoft has taken a different path regarding the data protection strategy. Contracts with governments and companies in the European Union require it to respect the guidelines and avoid a million-dollar fine.
In addition to the storage of personal data, Microsoft stated that they made significant investments to protect information when accessed remotely. To avoid transfer to external servers, the technology company will implement a virtual desktop infrastructure at the EU data border.
“To ensure that our EU customers receive the same world-class security as other global customers, any transfer of data outside the EU for security purposes will be documented, limited to what is necessary for crucial cybersecurity functions, and will be used only for these purposes,” mentioned the Privacy Director.
The technology giant published a website that documents the transparency strategy and data protection efforts. The next step will include technical support cases involving EU users. Microsoft said it will rely on alternatives such as virtual desktop to limit and secure any required temporary data transfers.
The European Union points out that data transfers to other countries will be allowed if the conditions established by Chapter V of the General Data Protection Regulation.