Microsoft announced on April 10 that its enterprise cloud services, particularly Azure, Office 365, Dynamics CRM and Windows Intune, meet the European Union (EU) privacy standards set forth by the Article 29 Working Party. The group comprises data protection authorities from the EU's 28 member states and the European Commission.
The approval was issued via a letter from Isabelle Falque-Pierrotin, chairwoman of the Article 29 Working Party, according to Microsoft's General Counsel and Executive Vice President of Legal and Corporate Affairs Brad Smith. He noted in a blog post that the move earned Microsoft the distinction of being the "the first—and so far the only—company to receive this approval."
In a FAQ issued by Microsoft, the company explained that the "Article 29 Working Party helps ensure consistency in the application of EU privacy law, approves codes of conduct for the processing of personal data, and provides advice on whether countries outside of the EU adequately protect data transferred from the EU." And its activities can have profound effects in the global cloud computing market.
"Given that the EU has some of the most advanced data protection regulation in the world, these authorities play a critical role in global privacy law," stated Microsoft.
The software and cloud services provider noted in its FAQ that "the Article 29 Working Party approved Microsoft's enterprise cloud services contracts as being in compliance with the high-standards of EU privacy law, as set forth in the EU Model Clauses." Regardless of where EU customer data is stored on Microsoft's global cloud data center network, privacy is assured, said Smith.
The Article 29 Working Party's stamp of approval means that Microsoft's "enterprise customers won't need to worry that their use of our cloud services on a worldwide basis will be interrupted or curtailed" if the EU suspends its Safe Harbor Agreement with the U.S. Even if the agreement stays intact, an added benefit is that Microsoft's contractual commitments cover global data transfers, not only transfers from Europe to the United States as the Safe Harbor Agreement stipulates.
Non-EU customers also have something to gain while Microsoft continues to beef up its privacy protections, argued Smith. "All of our customers, whether they have operations in Europe or elsewhere, benefit from the strong engineering protections we have put in place as a result."
Data privacy has become a major concern for tech companies after ex-National Security Agency contractor Edward Snowden rocked the industry last year with allegations that the U.S. intelligence tapped into the Internet communications of major cloud and online services providers. Microsoft, along with other tech firms including AOL, Apple, Facebook, Google and Yahoo, has been battling to restore trust.
"Ultimately, customers will entrust their information to the cloud only if they have confidence that it will remain secure there," said Smith. "This week's approval by the European data protection authorities is another important step in ensuring customers trust Microsoft's cloud services."