The European Union’s GDPR (General Data Protection Regulation) rules include one that requires cloud-based companies to not transfer personal data to servers overseas, including the US, without privacy safeguards. This week, Microsoft announced new plans to keep personal data from its users in Europe inside the EU.
In a blog post, Microsoft announced that in 2023, it had started storing and processing customer data for a number of its cloud-based services, including Microsoft 365, Azure, Power Platform, and Dynamics 365.
This week, that effort expanded to include storing all personal data from European users, including its automated system logs, inside Microsoft EU Data Boundary. Microsoft is also providing new transparency and documentary for its European cloud privacy and storage efforts on a new website.
Finally, the company revealed that it will use EU-based technology to protect user information if those servers need to be accessed remotely to monitor their systems. That includes setting up “virtual desktop infrastructure in the EU Data Boundary for monitoring our systems”, according to Microsoft.
The blog post added:
To ensure our EU customers receive the same world-class security as other global customers, any data transfers outside the EU for security purposes will be documented, limited to what is required for crucial cybersecurity functions, and used only for these cybersecurity purposes.
Microsoft is not yet done with its EU data storage and privacy efforts. Later in 2024, it will make changes for technical support features by keeping that data inside the EU boundary, If any technical support data needs access outside the EU zone, Microsoft says it will “limit and secure any temporary data transfer required through technical approaches such as Virtual Desktop Infrastructure.” The company will also launch a paid technical support option that will be set up in the EU boundary.
Other tech companies have been fighting with the EU over its data privacy rules. In May 2023, the EU fined Meta $1.3 billion for allegedly sending personal data of EU users of Facebook to servers based in the US without privacy safeguards. Meta is appealing the fine.