(Cloud) Tip of the Day: Microsoft Azure meets E.U. Privacy Law Requirements

Today’s (Cloud) Tip…Microsoft Azure meets E.U. Privacy Law Requirements

On 4/10, Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft announced that Microsoft Azure had been found to meet the European Union’s stringent privacy law requirements. As posted at https://blogs.technet.com/b/microsoft_blog/archive/2014/04/10/privacy-authorities-across-europe-approve-microsoft-s-cloud-commitments.aspx:

The European Union’s data protection authorities have found that Microsoft’s enterprise cloud contracts meet the high standards of EU privacy law. This ensures that our customers can use Microsoft services to move data freely through our cloud from Europe to the rest of the world. Building on this approval, we will now take proactive steps to expand these legal protections to benefit all of our enterprise customers.

The EU’s 28 data protection authorities acted through their “Article 29 Working Party” to provide this approval via a joint letter . Importantly, Microsoft is the first – and so far the only – company to receive this approval. This recognition applies to Microsoft’s enterprise cloud services – in particular, Microsoft Azure , Office 365 , Microsoft Dynamics CRM and Windows Intune .

By acknowledging that Microsoft’s contractual commitments meet the requirements of the EU’s “ model clauses ,” Europe’s privacy regulators have said, in effect, that personal data stored in Microsoft’s enterprise cloud is subject to Europe’s rigorous privacy standards no matter where that data is located. This is especially significant given that Europe’s Data Protection Directive sets such a high bar for privacy protection.

Our customers benefit in three key ways:

First, should the EU suspend the Safe Harbor Agreement with the U.S., as called for recently by the European Parliament , our enterprise customers won’t need to worry that their use of our cloud services on a worldwide basis will be interrupted or curtailed.

Second, even if the Safe Harbor Agreement remains in place, it covers only transfers from Europe to the U.S. Our approved contractual commitments, by contrast, enable transfers globally.

Third, we have had and will continue to do the hard work to ensure that we can comply both technically and operationally with the stringent obligations imposed by these contractual commitments. All of our customers, whether they have operations in Europe or elsewhere, benefit from the strong engineering protections we have put in place as a result.