Lync Migration Featured Article
April 11, 2014
Microsoft's Cloud Services Gets DPA Approval from All 28 European Members
By Michael Guta
TMCnet Contributing Writer
When Edward Snowden leaked the activities of the NSA it highlighted vulnerabilities in the technology we use illustrating the ease of violating the privacy of virtually anyone using a mobile phone or the Internet. This information jeopardized many organizations doing business around the world that relied on the Internet to deliver their services. The biggest impact was on companies providing cloud services, because according to Edward Snowden the NSA's ability to access the data they stored was also very effective.
In Europe where data privacy issues are protected with much stricter rules and regulations, companies doing business in the cloud have been under greater scrutiny to prove the safety of the data they store. After much legal haggling in Europe, Microsoft (News - Alert) has finally received some good news regarding its enterprise cloud services when the data protection authorities (DPAs) of all 28 European member states decided the company has met its standards for privacy.
A blog by Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft revealed the EU’s 28 data protection authorities acted through their “Article 29 Working Party” to approve Microsoft's services. This includes Microsoft Azure, Office 365, Microsoft Dynamics CRM and Windows Intune, making it the first and only company to receive this approval, according to Mr. Smith.
The contractual commitments made by Microsoft meet the requirements of the EU's “model clauses” which in essence makes any personal data stored in Microsoft's enterprise cloud subject to the demanding privacy standards of European laws no matter where the data is stored. This is a critical point for individuals and organizations in Europe that expect the continent's Data Protection Directive and the high standards of protection it offers regarding privacy.
According to Smith this new agreement will benefit Microsoft customers in three key ways.
First, should the EU suspend the Safe Harbor Agreement with the U.S., as called for recently by the European Parliament, our enterprise customers won’t need to worry that their use of our cloud services on a worldwide basis will be interrupted or curtailed.
Second, even if the Safe Harbor Agreement remains in place, it only covers transfers from Europe to the U.S. Our approved contractual commitments, by contrast, enable transfers globally.
Third, we have had and will continue to do the hard work to ensure that we can comply both technically and operationally with the stringent obligations imposed by these contractual commitments. All of our customers, whether they have operations in Europe or elsewhere, benefit from the strong engineering protections we have put in place as a result.
The Article 29 Working Party represent 28 European Union data protection authorities (DPAs) and the European Commission, which is designed to deliver consistent application of EU privacy law, approves codes of conduct for the processing of personal data, and provides advice on whether countries outside of the EU adequately protect data transferred from the EU.
By having the endorsement of the Article 29 Working Party, Microsoft will not have to go to each individual country in Europe and seek approval.
Edited by Maurice Nagle