IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft promises to challenge all government requests for customer data

Stance taken following EU advice to firms on complying with a ruling invalidating the EU-US data transfer mechanism

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

Cross-border transfers have come under litigation and regulatory action in recent months, especially after a European court invalidated the key EU-US data transfer mechanism under the terms of GDPR. July’s ruling meant the long-established Privacy Shield was deemed unsuitable for protecting EU residents’ data from extensive US surveillance mechanisms, with concerns US authorities can extract customer data as and when desired, without adequate safeguards and protections.

In light of recommendations issued by the European Data Protection Board (EDPB) on how companies can comply with the ruling, Microsoft has now committed to challenging every request for data.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said. These are commitments that Microsoft claims go beyond the recommendations of the EDPB.

“With today’s announcement, we are moving to be the first company to respond to the EDPB’s guidance with new commitments that demonstrate the strength of our conviction to defend our customers’ data,” said Microsoft’s corporate vice president for global privacy and regulatory affairs and chief privacy officer, Julie Brill.

“Microsoft has already demonstrated that we provide strong protections for our customers’ data, we are transparent about our practices and we defend our customers’ data. We believe the new steps we’re announcing today go beyond the law and the EDPB draft recommendations, and we hope these additional steps will give our customers added confidence about their data.”

The company’s position on this matter is a statement of support for the EU’s position - and represents another example of Microsoft increasingly aligning itself with its desires on tech policy.

For example, towards the end of last year, Microsoft committed to implementing ‘strong encryption’ in its products as opposed to ‘end-to-end encryption’, which public authorities around the world, including Interpol, have railed against.

The EU has, incidentally, earlier this month edged closer to a full ban on end-to-end encryption in platforms such as WhatsApp and Signal, according to a leaked document.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022