Microsoft switched on cloud services from several UK-based datacenters yesterday claiming it would help local organizations meet compliance efforts, but warned it’s too early yet to tell whether Brexit will have an impact on operations.
The computing giant bigged-up the benefits of data residency and “geo-redundant” data replication, especially for its UK government customers and those in highly regulated industries.
“Built on Microsoft’s Trusted Cloud principles of security, privacy, compliance, transparency and availability, this creates new opportunities for innovation, with the intent to spark local economic growth for Microsoft UK’s 25,000-plus partners and support local technology advancement.”
However, there are big question marks hanging over the UK’s digital economy since the Brexit vote, most notably whether UK datacenters will be able to store and easily transfer EU data if Britain decides to go it alone.
In a carefully worded statement sent to Infosecurity, Microsoft claimed it would “continue to monitor the regulatory landscape to ensure our investments continue to meet the needs of UK customers.”
It added:
“While we expect to need to comply with GDPR in the other EU Member States, and to architect systems, structure contracts and train personnel to meet those standards, with the UK-EU negotiations not yet even started it is too early to tell what effect Brexit will have on UKEU data transfer.”
Most legal experts agree that the UK will seek to follow the GDPR or at least harmonize its laws post Brexit to avoid the nightmare scenario of EU privacy tsars halting the free flow of information between the UK and EU.
However, the issue is complicated by the forthcoming Investigatory Powers Bill which appears to enshrine in law the principal of bulk surveillance – exactly the issue which led to the scrapping of the Safe Harbor agreement and which could put a roadblock in the way of simple data transfers.
It has been argued before, by the likes of Chatham House associate fellow, Emily Taylor, that cloud providers could be quick to move data out of the UK if that’s the case, while years-long legal negotiations take place.
She told Infosecurity that “both the European Court of Human Rights (ECHR) and European Courts of Justice (CJEU) set a pretty high bar for the safeguards [needed to allow bulk surveillance powers], and it seems that at least some of the powers proposed in our Investigatory Powers Bill may fail.”
“It's still unclear how Brexit will affect data flows between the EU and the UK. Much will depend on the final form of the Investigatory Powers Bill. Will the government make changes to the UK's surveillance laws, or will the UK government carry on as planned in the expectation of a swift Brexit?” she added by email.
“Will we continue to comply with European laws (including data protection) in exchange for access to the Single Market, or will we go our own way and trade as a Third Country, like the US? All these issues will affect the laws around exchanges of data between the UK and EU. British data industries need to know that they can interchange data with EU partners without having to worry about whether or not it's legal to do so.”