Microsoft earns first European cloud privacy approval

Cloud
No rain on Microsoft's privacy parade

Microsoft is the first company to earn European privacy approval for its enterprise cloud service.

The software giant received recognition from the European Union's 28 data protection authorities, via the Article 29 Working Party, that its cloud meets tough new EU privacy laws.

Microsoft said it will build upon this approval by expanding the legal protections these afford to all of its enterprise customers. An addendum to contracts enshrining these protections will be issued soon.

Safeguards

Among the safeguards in place is a guarantee that enterprise customers won't suffer interruptions if the EU suspends the Safe Harbor Agreement with the US, a matter currently being considered by the European Parliament.

Other commitments include engineering protections, implementation of encryption, and allowing companies to store data in their own region. This latter point is particularly important following the NSA spying scandal.

"High bar"

Microsoft Azure, Office 365, Microsoft Dynamics CRM, and Windows Intune were all party to the EU approval.

"By acknowledging that Microsoft's contractual commitments meet the requirements of the EU's 'model clauses,' Europe's privacy regulators have said, in effect, that personal data stored in Microsoft's enterprise cloud is subject to Europe's rigorous privacy standards no matter where that data is located," wrote Brad Smith, General Counsel and Executive VP of Legal and Corporate Affairs at Microsoft, in a blog post.

"This is especially significant given that Europe's Data Protection Directive sets such a high bar for privacy protection," he added.