Microsoft marked Data Privacy Day with a video about the importance of protecting privacy and how important this is to Microsoft.
The EU’s data protection authorities have found that Microsoft’s enterprise cloud contracts meet the high standards of EU privacy law. This ensures that customers can use Microsoft services to move data freely through the cloud from Europe to the rest of the world.
Article 29 Working Party helps ensure consistency in the application of EU privacy law, approves codes of conduct for the processing of personal data and provides advice on whether countries outside of the EU adequately protect data transferred from the EU. Given that the EU has some of the most advanced data protection regulation in the world, these authorities play a critical role in global privacy law.
All 28 EU data protection authorities reviewed and endorsed the Microsoft enterprise cloud agreements that cover Microsoft Azure, Office 365, Microsoft Dynamics CRM and Windows Intune.
By acknowledging that Microsoft’s contractual commitments meet the requirements of the EU’s ‘model clauses’, Europe’s privacy regulators have said, in effect, that personal data stored in Microsoft’s enterprise cloud is subject to Europe’s rigorous privacy standards, no matter where that data is located.
This development helps customers benefit in three key ways, Microsoft said. First, should the EU suspend the Safe Harbour Agreement with the US, customers need not worry that their use of Microsoft’s cloud services on a worldwide basis will be interrupted or curtailed. Secondly, even if the Safe Harbour Agreement remains in place, it covers only transfers from Europe to the US. Microsoft’s approved contractual commitments, by contrast, enable transfers globally. Thirdly, Microsoft will continue to ensure it can comply both technically and operationally with the stringent obligations imposed by these contractual commitments.
Microsoft is ensures that all its customers benefit from this privacy recognition through standard agreements. The EU approval requires that customers execute a short, standardised addendum to their current agreements in order to take advantage of this new recognition, and Microsoft will create a simple process to facilitate this.
Under EU law, customers remain the ‘controllers’ of the personal data they collect and the primary obligations to protect that data fall on them. This means enterprise cloud customers have a strong interest in ensuring that their cloud services provider abides by EU data protection law or the customer can face liability and in some cases blockage of its ability to use the service.
A cloud provider that commits contractually to comply with the model clauses provides customers with reassurance that their data will be processed in compliance with EU data protection law.
This development is a significant step further, by not only providing customers with the additional peace of mind of an extensive official review and endorsement of Microsoft compliance with EU model clauses that no other cloud provider offers, but also proactively expanding those legal protections to all of Microsoft enterprise customers worldwide.
https://www.facebook.com/video.php?v=1006557332705726