Microsoft signs up to EU cloud standards

Jennifer Scott News
15 Dec, 2011

Model clauses designed to protect EU customer data have been agreed by Microsoft for Office 365.

Microsoft has signed up to a European directive to ensure data protection for citizens of the EU which using its Office 365 Virtual Cloudsduct.

Back in February last year, a number of rules were announced by the EU – known as Model Clauses – to safeguard user’s data, even if it was stored in outside of the European Economic Area.

Microsoft now claims to be fully compliant with the rules, which allow the EU to tell customers to stop using a product until they have ensured it is compliant with EU regulations.

The Redmond giant also claimed to have gone “a step further” by offering a data processing agreement for EU customers who have stricter regulations within their own country, giving more specific protection than the generalised clauses for all 27 member states.  

“Developing cloud based productivity tools that meet the needs of European businesses means more than simply building apps in a browser,” said Jean-Philippe Courtois, president of Microsoft International.

“Microsoft has a more complete approach to European data protection and security laws than any other company, and we’re proud of the work we’ve done to ensure the widest range of organisations can move to the cloud with confidence

Microsoft has been making sure people know about its involvement with the EU model clauses in what appears to be an attempt to claw back trust.

When it launched Office in June this year, the company caused uproar by saying, as a US firm, it was still subject to US laws. This meant wherever it stored data, it would be at risk from the likes of the Patriot Act, allowing the US Government to seize servers, even from its Dublin data centres.

The questions around the Patriot Act, and what other US companies operate in the same way, has plagued the adoption of public cloud services, with not a conference or launch going by without it being mentioned.

However, the lawyer perspective is to accept if the US wants your data, they will get hold of it.

Barry Jennings, an associate at law firm Bird & Bird, told Virtual Clouds earlier this month: “If you have got data you don't want a government having access to, don't put it in another country.”

“This is the world we live in,” he added. “If the US wants [your data] they can get it, they have much more resources than [companies] have.”

“I am more worried about the data you put out there.”

Sign up for our free newsletter