Microsoft’s wish of Congress enacting a bi-partisan CLOUD Act got a booster shot as the company announces new EU data security measures.
Earlier this week Microsoft announced a pledge to European Union that see the company expand its commitments to both commercial and public EU customers storing and processing data on its cloud.
Today we are announcing a new pledge for the European Union. If you are a commercial or public sector customer in the EU, we will go beyond our existing data storage commitments and enable you to process and store all your data in the EU.
In other words, we will not need to move your data outside the EU. This commitment will apply across all of Microsoft’s core cloud services – Azure, Microsoft 365, and Dynamics 365. We are beginning work immediately on this added step, and we will complete by the end of next year the implementation of all engineering work needed to execute on it. We’re calling this plan the EU Data Boundary for the Microsoft Cloud.
In a blog post penned by Microsoft president and chief legal officer, Brad Smith, he continued to extol the virtues of the company’s exceeding measures to meet EU guidelines as well as give a nod to the EU’s “Europe Fit for the Digital Age” vision.
There weren’t any other meaningful technical details about Microsoft’s push to protect EU data in the region aside from mention about engineering new tools into their core cloud services such as “Lockbox and customer-managed encryption.”
This week’s EU cloud news is yet another step that feels related to Microsoft’s recent Supreme Court visit.
Backing up just bit to 2014, Microsoft, the US government and the Republic of Ireland got into a bit of a tiff over cloud data and the privacy privileges granted to individuals who store data across borders.
In the 2018 court case that reached the US Supreme court, the US government leveraged the 1986 Communications Privacy Act as a precedent to issue a warrant for Microsoft to turn over emails from one Gary Davis who was allegedly tied to Silk Road case.
Microsoft won an appeal to prevent the US government from attempting to seize Mr. Davis’ data which is store on the company’s serves in Ireland, despite Davis being held in the US. During its appeal, Smith mentioned the CLOUD Act as a possible solution to dealing with international data being held by a US-based company.
The CLOUD Act is controversial for many reasons, but would at least set the stage for creating laws more empathetic towards international procedures regarding data procurement.
Well, Microsoft’s continued investment in physical data centers and solutions specific to the EU further inoculates the company from US-based law enforcement hassles.
Smith addresses the issue of lawful procurement in the post as well, “we will challenge every government request for an EU public sector or commercial customer’s personal data—from any government—where there is a lawful basis for doing so.”