Microsoft gains EU security approval

Last week Microsoft announced that European Union’s data protection authorities have found that Microsoft’s enterprise cloud contracts meet EU privacy law standards. This is good news for companies using Microsoft’s enterprise cloud services – in particular, Microsoft Azure, Office 365, Microsoft Dynamics CRM, and Windows Intune.

In a recent blog post, Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft, noted that “Microsoft is the first – and so far the only – company to receive this approval.”

This is good news for those using Microsoft’s enterprise cloud services because it now means security and privacy concerns have been addressed on a global level.

According to Smith, “By acknowledging that Microsoft’s contractual commitments meet the requirements of the EU’s “model clauses,” Europe’s privacy regulators have said, in effect, that personal data stored in Microsoft’s enterprise cloud is subject to Europe’s rigorous privacy standards no matter where that data is located. This is especially significant given that Europe’s Data Protection Directive sets such a high bar for privacy protection.”

Smith highlights three key benefits to customers. First, “should the EU suspend the Safe Harbor Agreement with the U.S., as called for recently by the European Parliament, our enterprise customers won’t need to worry that their use of our cloud services on a worldwide basis will be interrupted or curtailed.

 “Second, even if the Safe Harbor Agreement remains in place, it covers only transfers from Europe to the U.S. Our approved contractual commitments, by contrast, enable transfers globally.

 “Third, we have had and will continue to do the hard work to ensure that we can comply both technically and operationally with the stringent obligations imposed by these contractual commitments. All of our customers, whether they have operations in Europe or elsewhere, benefit from the strong engineering protections we have put in place as a result.”

Enterprise customers should be able to see these benefits implemented by July 1 of this year. As Smith explains in his post the EU approval requires that customers execute a short, standardized addendum to their current agreements in order to take advantage of this new recognition, and Microsoft is working to facilitate this.

Smith goes on to state “While we join others in our industry in calling for governments to respect the free flow of information, we also believe in putting our customers’ needs first. That’s why we previously announced our commitment around implementing encryption and enabling enterprise customers to store their content in existing data centers in their region.”

He wraps up his post with these thoughts, “Ultimately, customers will entrust their information to the cloud only if they have confidence that it will remain secure there. This week’s approval by the European data protection authorities is another important step in ensuring customers trust Microsoft’s cloud services.”

You can read Brad Smith’s complete post here.