Microsoft promises to challenge all government requests for customer data
Stance taken following EU advice to firms on complying with a ruling invalidating the EU-US data transfer mechanism
Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.
Cross-border transfers have come under litigation and regulatory action in recent months, especially after a European court invalidated the key EU-US data transfer mechanism under the terms of GDPR. July’s ruling meant the long-established Privacy Shield was deemed unsuitable for protecting EU residents’ data from extensive US surveillance mechanisms, with concerns US authorities can extract customer data as and when desired, without adequate safeguards and protections.
In light of recommendations issued by the European Data Protection Board (EDPB) on how companies can comply with the ruling, Microsoft has now committed to challenging every request for data.
The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said. These are commitments that Microsoft claims go beyond the recommendations of the EDPB.
“With today’s announcement, we are moving to be the first company to respond to the EDPB’s guidance with new commitments that demonstrate the strength of our conviction to defend our customers’ data,” said Microsoft’s corporate vice president for global privacy and regulatory affairs and chief privacy officer, Julie Brill.
“Microsoft has already demonstrated that we provide strong protections for our customers’ data, we are transparent about our practices and we defend our customers’ data. We believe the new steps we’re announcing today go beyond the law and the EDPB draft recommendations, and we hope these additional steps will give our customers added confidence about their data.”
The company’s position on this matter is a statement of support for the EU’s position - and represents another example of Microsoft increasingly aligning itself with its desires on tech policy.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
For example, towards the end of last year, Microsoft committed to implementing ‘strong encryption’ in its products as opposed to ‘end-to-end encryption’, which public authorities around the world, including Interpol, have railed against.
The EU has, incidentally, earlier this month edged closer to a full ban on end-to-end encryption in platforms such as WhatsApp and Signal, according to a leaked document.
Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
AI tools are growing in popularity at enterprises, but not all of them are approved by employers – and that’s a serious problem for IT and security leaders
Kyndryl and Nokia extend partnership to drive data center networking gains
“It’s almost like moving from one aircraft carrier to another”: Inside National Trust’s sweeping digital transformation