Microsoft to store all cloud users’ personal data in the EU

In a decisive step that ensures that its cloud services respect European values and meet the specific requirements of its commercial and public sector customers in Europe, Microsoft has announced that all personal data from its cloud users will remain inside the EU.

This significant step forward follows last year’s rollout of the EU Data Boundary through which Microsoft had enabled the storage and processing of customer data within the boundary for Microsoft 365, Azure, Power Platform and Dynamics 365 services.

It is also in line with the EU’s GDPR rules that require cloud-based companies to not transfer personal data to servers overseas, including the US, without privacy safeguards.

“Today’s announcement is part of a larger initiative to enable our European customers to thrive in every sector and every country in the region – from implementing our European Cloud Principles, to our ongoing work expanding our Microsoft Cloud for Sovereignty, to our sovereign solutions that we will deliver in partnership with leading European technology companies, to our continued global infrastructure investments now spanning over 60 cloud regions, including 11 cloud regions in Europe,” says Julie Brill, Corporate Vice President & Chief Privacy Officer.

Building on that initial release, today Microsoft further expands its local storage and processing to include all personal data, such as automated system logs, making Microsoft the first large-scale cloud provider to deliver this level of data residency to European customers.

The enhancements to the EU Data Boundary for the Microsoft Cloud focus on three areas. First, Microsoft is expanding its local storage and processing commitments to now include all personal data within the boundary including pseudonymized personal data. With this expansion, the EU Data Boundary allows customers to store and process even more of their data within the European Union, enriching customer control.

Secondly, through new transparency resources, including documentation and other information, Microsoft will now be providing customers with a clear and comprehensive view of the data handling, limited transfers, and data protection processes.

Thirdly, through deep investments in EU-based technology, Microsoft will deploy virtual desktop infrastructure enabling remote data access for monitoring activity and system health, thus avoiding physical data transfers or storage outside the EU.

“In implementing the EU Data Boundary, we are also maintaining our commitment to world-class cybersecurity. This means that to ensure our EU customers receive the same world-class security as other global customers, any data transfers outside the EU for security purposes will be documented, limited to what is required for crucial cybersecurity functions, and used only for these cybersecurity purposes,” added Microsoft’s Julie Brill.

Later this year, Microsoft will launch the next phase of its EU Data Boundary for the Microsoft Cloud by transforming the processing and storage capabilities for data received during technical support interactions.

Microsoft is also planning to offer a paid support option which will provide an initial technical response from within the EU and allow customers to provide consent before additional technical expertise outside the EU is engaged.

“Our EU Data Boundary solution goes beyond European compliance requirements and reflects our commitment to provide trusted cloud services that are designed to take advantage of the full power of the public cloud while respecting European values and providing the most advanced sovereignty controls and features available in the industry today,” concluded Julie Brill.