Microsoft signs EU accords on data privacy

 

Small steps to on-shore visibility.

Microsoft has signed European Union data protection clauses in an effort to quell concerns for European organisations running its Office 365 application suite.

The computing giant signed the European Union's Model Clauses agreement, a component of the Data Protection Directive that allows EU member nations to transfer personal data for processing to countries that cannot ensure an adequate level of protection [pdf].  

"European regulators have the option to request that customers halt the use of a service that hasn’t taken appropriate steps to safeguard personal data until they have evaluated the service and deemed it compliant with EU data protection and security standards," Microsoft explains in a statement

The agreement builds upon the US-EU Safe Harbour accord signed in 2000, designed to help US companies engage in trans-Atlantic business.

For European customers, the accords are intended to quell concerns around protection of Office 365 data hosted in Microsoft's data centres in the US, Ireland and the Netherlands.

Redmond built in 20 privacy controls to make Office 365 fit with European data privacy and protection regulations, according to Microsoft's chief privacy officer, Brendan Lynch.

"Our support for EU Model Clauses is another effort to accommodate the privacy demands of European markets," he said.

The company will also offer European customers additional "data processing agreements" for nations with more "exacting requirements" than the European directive.

Trust us, it's safe

Microsoft also opened a new "trust centre", allowing users to see the "geographic boundary" for their data when hosted in Office 365.

US customers, for example, will be hosted solely within the country while Australian and Asia Pacific customers will be served Office 365 instances out of the US, Singapore or Hong Kong.

Microsoft said it would not notify customers when data is transferred to a new country but will advise if it changes the geographic boundaries for customers who opt in to notifications. 

Though designed to promote visibility of its data centre locations, the trust centre indicates the computing giant's continuing unwillingness to share exact details of its data centres, choosing only to provide basic location information on data centres it has "elected to disclose to the general public".

The company also fails to disclose the number of data centres it uses to host Office 365, only stating that the number is "between 10 and 100", including "other United States-based Data Centers" it has not previously mentioned.

Concerns over data privacy and sovereignty in cloud computing were a key issue for Australian regulators, Lynch said. 

In "virtually every conversation" he had with customers and regulators while on tour in Australia and New Zealand, he was asked about its approach to data protection in its cloud services, he said.

The company has ruled out local facilities for Australian customers, however, and instead lobbied Government in an attempt to change a perceived stigma around data sovereignty in cloud applications and infrastructure.

Copyright © iTnews.com.au . All rights reserved.


Microsoft signs EU accords on data privacy
 
 
 
Top Stories
How hard do you hack back?
[Blog post] Taking the offensive could have unintended consequences.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
The big winners from Defence’s back-office IT refresh
Updated: The full list of subcontractors.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1015

Vote