Microsoft first major company to endorse US-EU privacy deal

Microsoft has become the first major tech company to say it will transfer users' information to the US using a new transatlantic commercial data pact and resolve any disputes with European privacy watchdogs. 

Microsoft chief executive Satya Nadella.

Data transfers to the US had been in a legal limbo since October last year when the European Union's top court struck down the Safe Harbour framework that allowed firms to easily move personal data across the Atlantic in compliance with strict EU rules. 

EU data protection law bars companies from transferring personal data to countries deemed to have insufficient privacy safeguards, including the US, unless they set up complex legal structures or use a framework such as Safe Harbour. 

Microsoft said it would sign up to the new EU-US Privacy Shield, the framework that was agreed by Brussels and Washington in February to fill the void left by Safe Harbour and ensure the US$260 billion (A$342.3 billion) in digital services trade across the Atlantic continues. 

"I’m pleased to announce today that Microsoft pledges to sign up for the Privacy Shield, and we will put in place new commitments to advance privacy as this instrument is implemented," Microsoft's vice president of EU government affairs John Frank said. 

The US company's endorsement of the Privacy Shield comes amidst criticism by privacy groups for failing to address concerns about US surveillance practices, and one day before EU data protection regulators sit down for a two-day meeting on whether to endorse the deal themselves. 

Revelations by former intelligence contractor Edward Snowden of the US National Security Agency's mass surveillance program sparked outrage in Europe and set in motion the legal challenge that eventually led to the quashing of Safe Harbour. 

The European Commission, which negotiated the framework on behalf of the EU, has urged companies to comply with decisions from the 28-member bloc's data protection authorities in disputes to help the Privacy Shield survive future court challenges. 

Companies transferring human resources data will have to submit to the jurisdiction of European regulators, but for other companies it will merely be voluntary. 

The main enforcers of the framework will be the US Department of Commerce and the US Federal Trade Commission. 

The European Commission welcomed Microsoft's announcement, noting that EU citizens were more likely to turn to their national regulator to complain about the handling of their data. 

"We welcome the fact that companies already commit to using the Privacy Shield and complying with its obligations," European Commission spokesman Christian Wigand said.