Microsoft promises to challenge all government requests for customer data

Stance taken following EU advice to firms on complying with a ruling invalidating the EU-US data transfer mechanism

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

Cross-border transfers have come under litigation and regulatory action in recent months, especially after a European court invalidated the key EU-US data transfer mechanism under the terms of GDPR. July’s ruling meant the long-established Privacy Shield was deemed unsuitable for protecting EU residents’ data from extensive US surveillance mechanisms, with concerns US authorities can extract customer data as and when desired, without adequate safeguards and protections.

In light of recommendations issued by the European Data Protection Board (EDPB) on how companies can comply with the ruling, Microsoft has now committed to challenging every request for data.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said. These are commitments that Microsoft claims go beyond the recommendations of the EDPB.

“With today’s announcement, we are moving to be the first company to respond to the EDPB’s guidance with new commitments that demonstrate the strength of our conviction to defend our customers’ data,” said Microsoft’s corporate vice president for global privacy and regulatory affairs and chief privacy officer, Julie Brill.

“Microsoft has already demonstrated that we provide strong protections for our customers’ data, we are transparent about our practices and we defend our customers’ data. We believe the new steps we’re announcing today go beyond the law and the EDPB draft recommendations, and we hope these additional steps will give our customers added confidence about their data.”

The company’s position on this matter is a statement of support for the EU’s position - and represents another example of Microsoft increasingly aligning itself with its desires on tech policy.

For example, towards the end of last year, Microsoft committed to implementing ‘strong encryption’ in its products as opposed to ‘end-to-end encryption’, which public authorities around the world, including Interpol, have railed against.

The EU has, incidentally, earlier this month edged closer to a full ban on end-to-end encryption in platforms such as WhatsApp and Signal, according to a leaked document.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021