IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft to give EU business customers greater control over data storage

Engineering work is underway to make sure that by 2022, no data is routed outside of the EU

Microsoft will allow its customers based in the European Union (EU) to store and process their data only within the confines of the EU, rather than routing this to other countries such as the United States.

The plan, dubbed EU Data Boundary for the Microsoft Cloud, will see EU-based public and private sector cloud customers given the option to choose to store and process their data in the EU alone.

Engineering work is now underway, with this commitment applying across the breadth of its cloud services, including Azure, Microsoft 365, and Dynamics 365. The plan is expected to be ready by the end of 2022.

“The new step we’re taking builds on our already strong portfolio of solutions and commitments that protect our customers’ data, and we hope today’s update is another step toward responding to customers that want even greater data residency commitments,” said Microsoft president Brad Smith.

“We will continue to consult with customers and regulators about this plan in the coming months, including adjustments that are needed in unique circumstances like cybersecurity, and we will move forward in a way that is responsive to their feedback.”

The data in question includes any personal data in diagnostics and service-generated data, as well as personal data that Microsoft uses to provide technical support. The company will also extend technical controls such as Lockbox and customer-managed encryption for data across its services.

Microsoft already provides customers with the choice to have some data stored in the EU, while many Azure cloud services can be configured to process data in the EU as well. The company, however, still needs to make some transfers to territories outside of the EU due to shortcomings in its data centre infrastructure.

The EU Data Boundary project aims to minimise these additional transfers, which involves Microsoft making “substantial and ongoing investments” in expanding its data centre infrastructure. Microsoft currently operates data centres in 13 European countries.

Data residency has been a growing worry for the EU in recent years, as well as privacy activists concerned that data processed in other territories might be accessed by the surveillance regimes in those countries.

Privacy Shield, for example, was invalidated in July 2020 after the European Court of Justice (ECJ) declared it was unable to protect EU residents' data from US surveillance mechanisms.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

This mechanism was meant to guarantee that EU-based entities transferring data to the US were able to protect that data with EU-level data protection standards. The ECJ, however, ruled that Privacy Shield prioritised the interests of law enforcement and national security agencies.

By allowing EU customers to process all their data only within the EU, the jurisdiction of countries such as the US or others will be severely restricted, and the legal basis for requesting data will be limited.

In an FAQs post, Microsoft stressed that all government requests for data, from US authorities, for example, will be directed to customers, while the company will challenge every request where there’s a lawful basis to do so.

As for whether any personal data might be transferred outside the EU after 2022, Microsoft simply reiterated that it’s identified the technical and operational investments necessary to meet its commitment.

No exceptions to this were provided, although the company plans to consult with customers and regulators about its plans in the coming months.

Although the EU's GAIA-X unified cloud system hasn't yet been finalised, Microsoft also believes these plans are complementary to the initiative.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022