EU Data Boundary for the Microsoft Cloud: A progress report

| Julie Brill, Corporate Vice President, Chief Privacy Officer, and Deputy General Counsel, Microsoft and Ralph Haupter, President Microsoft EMEA

EU Data Boundary

Today was an important milestone in our journey toward creating the EU Data Boundary for the Microsoft Cloud. Earlier this year, we announced a new commitment for our public sector and commercial customers in the EU and EFTA: a promise to enable them to process and store all their data in the EU by the end of 2022. Our services continue to operate in compliance with European laws and regulations. ​But with this ambitious plan we are going above and beyond our prior commitments and regulatory requirements to meet our customers’ preferences and expectations for increased data residency and control and to help Europe realize its digital ambitions.

Since our initial announcement in May, we’ve begun the necessary engineering work and gathered feedback to better understand and adjust to customer needs and priorities. These discussions have reconfirmed just how important data, and control over data, is for our EU customers—to confidently embrace the cloud and foster data-driven innovation. These conversations have also reinforced the profound responsibility we have as a custodian of that data.

Building on what we’ve heard from our customers, today we convened an EU Cloud Customer Summit to share additional details about our progress and what’s next. The updates we provided, as well as our ongoing plans, reflect the customer feedback we’ve received over past months, and today’s discussion provided yet another opportunity for our customers to help shape the path ahead.

Here are some of the investments Microsoft is making for the EU Data Boundary by the end of 2022.

Data centers are at the core of customers’ processing and storage capabilities. We already have the world’s largest cloud infrastructure, with more than 60 datacenter regions announced to date, and we are adding more data centers and increasing capacity in our existing data centers in the EU. Since May, we’ve opened a new data center in Sweden and announced an additional site in Belgium offering local data residency and faster access to the cloud.

The work to engineer our enterprise core services to store and process customer, support, and other personal data in the EU is on track and will be completed by the end of 2022.

We are also continuing to increase our customer support staff within the EU and redesigning our tools so that support data can be stored and processed in the EU. We will ensure that no support data is physically transferred outside Europe. We will rely on technologies such as virtual desktop infrastructure (VDI) as a supplementary measure to allow for remote access to only snippets of data and under access controls and other measures that address the issues discussed by the European Court of Justice and the European Data Protection Board. VDI also uses screen rendering, which avoids the need for physical data transfers or storage outside the EU Data Boundary, allowing us to deploy the best possible support and engineering resources for our customers inside the EU Data Boundary at all times.

With a rising number of cyberthreats, we have an obligation to protect our customers’ data against increasingly adept and skilled attackers. Indeed, security is a core element of data protection. Within the EU Data Boundary, we will offer the same world-class security capabilities that we offer to all our cloud customers. Analyzing over 24 trillion security signals every 24 hours requires us to aggregate and assess global threat data to detect, respond to, and remediate malicious activity. We must ensure that our European-based customers receive the same world-class security as our customers throughout the globe. Any data transfers outside the EU for security purposes will be limited in scope to what is needed for this purpose. This will allow us to provide the secure environment that our customers expect while meeting regulatory requirements by prohibiting unrelated secondary uses and implementing additional supplementary measures.

Our ongoing commitment is to provide customers with robust transparency about our practices and progress toward the implementation of the EU Data Boundary. We continue to listen to feedback and remain dedicated to serving the needs of our customers and their data we keep safe.

There is much to do in the year to come – we are ready!

Tags: , , , ,