Microsoft promises to challenge all government requests for customer data

Stance taken following EU advice to firms on complying with a ruling invalidating the EU-US data transfer mechanism

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

Cross-border transfers have come under litigation and regulatory action in recent months, especially after a European court invalidated the key EU-US data transfer mechanism under the terms of GDPR. July’s ruling meant the long-established Privacy Shield was deemed unsuitable for protecting EU residents’ data from extensive US surveillance mechanisms, with concerns US authorities can extract customer data as and when desired, without adequate safeguards and protections.

In light of recommendations issued by the European Data Protection Board (EDPB) on how companies can comply with the ruling, Microsoft has now committed to challenging every request for data.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said. These are commitments that Microsoft claims go beyond the recommendations of the EDPB.

“With today’s announcement, we are moving to be the first company to respond to the EDPB’s guidance with new commitments that demonstrate the strength of our conviction to defend our customers’ data,” said Microsoft’s corporate vice president for global privacy and regulatory affairs and chief privacy officer, Julie Brill.

“Microsoft has already demonstrated that we provide strong protections for our customers’ data, we are transparent about our practices and we defend our customers’ data. We believe the new steps we’re announcing today go beyond the law and the EDPB draft recommendations, and we hope these additional steps will give our customers added confidence about their data.”

The company’s position on this matter is a statement of support for the EU’s position - and represents another example of Microsoft increasingly aligning itself with its desires on tech policy.

For example, towards the end of last year, Microsoft committed to implementing ‘strong encryption’ in its products as opposed to ‘end-to-end encryption’, which public authorities around the world, including Interpol, have railed against.

The EU has, incidentally, earlier this month edged closer to a full ban on end-to-end encryption in platforms such as WhatsApp and Signal, according to a leaked document.

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021