Microsoft promises to challenge all government requests for customer data
Stance taken following EU advice to firms on complying with a ruling invalidating the EU-US data transfer mechanism
Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.
Cross-border transfers have come under litigation and regulatory action in recent months, especially after a European court invalidated the key EU-US data transfer mechanism under the terms of GDPR. July’s ruling meant the long-established Privacy Shield was deemed unsuitable for protecting EU residents’ data from extensive US surveillance mechanisms, with concerns US authorities can extract customer data as and when desired, without adequate safeguards and protections.
In light of recommendations issued by the European Data Protection Board (EDPB) on how companies can comply with the ruling, Microsoft has now committed to challenging every request for data.
The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said. These are commitments that Microsoft claims go beyond the recommendations of the EDPB.
“With today’s announcement, we are moving to be the first company to respond to the EDPB’s guidance with new commitments that demonstrate the strength of our conviction to defend our customers’ data,” said Microsoft’s corporate vice president for global privacy and regulatory affairs and chief privacy officer, Julie Brill.
“Microsoft has already demonstrated that we provide strong protections for our customers’ data, we are transparent about our practices and we defend our customers’ data. We believe the new steps we’re announcing today go beyond the law and the EDPB draft recommendations, and we hope these additional steps will give our customers added confidence about their data.”
The company’s position on this matter is a statement of support for the EU’s position - and represents another example of Microsoft increasingly aligning itself with its desires on tech policy.
For example, towards the end of last year, Microsoft committed to implementing ‘strong encryption’ in its products as opposed to ‘end-to-end encryption’, which public authorities around the world, including Interpol, have railed against.
The EU has, incidentally, earlier this month edged closer to a full ban on end-to-end encryption in platforms such as WhatsApp and Signal, according to a leaked document.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now