Posts in this article
For corporations and public administrations in Europe, working with cloud services from US companies such as Amazon, Google, and Microsoft is particularly difficult because US secret services have widespread access to data stored by US companies. Microsoft has now launched a far-reaching product attack to address these data protection concerns in Europe.
The software giant’s future customers in the European Union should be able to process and store their data by Microsoft exclusively in the European Union. “We will not have to transfer any data from these customers outside of the European Union,” Microsoft President Brad Smith declared in a blog Thursday.
Microsoft is interacting with two judgments from the European Court of Justice regarding data exchange between the USA and Europe. At the instigation of data protection activist Max Schrems, the court initially annulled the “safe harbor” agreement in October 2015. Last June, Schrems dropped the subsequent “Privacy Shield” regulation before the European Court of Justice.
With the two provisions, the transfer of commercial data to the United States was largely denied its legal basis. In the opinion of the European Court of Justice, there is no comparable level of data protection in the US as it is in the European Union. Above all, the US “cloud law” that enables US secret services to confiscate data with the help of secret courts – also outside the US – is viewed critically. The new US government under President Joe Biden recently publicly showed that it is entering into a new comprehensive data protection agreement with the European Union.
After the European Court of Justice’s first ruling on “Safe Harbor”, cloud giants such as Amazon (AWS), Google and Microsoft have switched to the standard contractual clauses in which they promised to comply with data protection regulations. The cloud companies also offered server locations in Germany and other European countries. With the European Court of Justice’s second ruling on the “Privacy Shield” follow-up rule, it was evident that the server location and contractual clause alone were not sufficient to meet the requirements of the European General Data Protection Regulation (GDPR).
Many people in charge of European companies and public administrations, who chose a solution from an American provider, ignored the shaky legal basis and were just getting started. Others put the investment decision in the background. According to a survey conducted by the Bitkom Digital Association in November 2010, more than every second company (56 percent) new and innovative ventures have failed due to their gross domestic product (GDP). The difficult data exchange with the United States also played a major role.
Microsoft’s new offering of “European Union data limits” is aimed at corporate and public sector customers, not private users. The commitment will apply to all Microsoft central cloud services – Azure, Microsoft 365 (including Microsoft Office and Teams) and Dynamics 365. “We have already initiated technical preparations so that our cloud centralized services can provide all personal information as quickly as possible. We cannot Store and process data from our corporate and public sector clients in the European Union unless they wish to, says the Smith Blog Entry.
However, it remains unclear whether data limits can actually eliminate legal uncertainties when transferring data between Europe and the USA. According to reports, the Microsoft group is still legally responsible for cloud data. The Washington state company is governed by United States law.
Therefore, Austrian data protection activist Max Schirms criticizes Microsoft’s proposition: “After Microsoft in the United States apparently still has access to the data, they should continue publishing the data under US law,” said Shermos of Deutsche Presse-Agentur. . “Unfortunately, a storage location is useless as long as access from the United States is possible. A legally stable solution would require an EU unit completely devoid of instructions in which the data stays.”
Stefan Brink, the data protection officer in Baden-Württemberg, also responded with suspicion: “Since US legislation also requires US companies to publish data that are processed outside the United States on demand, this in no way solves all transportation problems,” he said. Brink to Handelsblatt.
Microsoft believes it has found a way out: Access to US intelligence services could technically be undermined if customers actively protect their cloud data themselves. “With many of our services, control of data encryption through the use of the keys the customer manages is in the hands of the customers themselves,” said Microsoft chief Smith. Keys that are not managed are used by Microsoft, but by customers themselves. “We also protect our customers’ data from unauthorized access by government agencies,” said Smith.
Here, too, Brink made concessions: “This is a good development, but it only works to a very limited extent if your private data is to be actively processed and therefore must be decrypted,” he said. Therefore, a “viable solution to this transfer problem” could only consist in “either the US security authorities halting disproportionate monitoring measures, which is not expected, or the conclusion of a new data protection agreement between the European Union and the United States, which the two sides take to change the meaning And take very seriously. “
Microsoft’s Nasdaq-listed share rose 0.27 percent at $ 247.13.
/ chd / DP / zb
More news about Microsoft Corp.
Image sources: Peteri / Shutterstock.com