Effectively this reduces the number of national authorizations required to allow the international transfer of data via Microsoft’s cloud (depending on the national legislation).
“The EU Data Protection Authorities have analyzed the reply of Microsoft relating to a new version of the Enterprise Enrollment Addendum Microsoft Online Services Data Processing Agreement”, reads the official statement from Brussels. “They concluded that the MS Agreement, as it will be modified by Microsoft, will be in line with Standard Contractual Clause 2010/87/EU, and should therefore not be considered as ‘ad hoc’ clauses.”
In practice, the thumbs-up from the EU means that customers can use Microsoft services to move data more freely through its cloud services from Europe to the rest of the world. And, data stored at Microsoft locations will be considered covered by EU approvals even if it’s actually being housed outside the EU.
“Building on this approval, we will now take proactive steps to expand these legal protections to benefit all of our enterprise customers”, said Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, in a blog.
He went on to note that should the EU suspend the Safe Harbor Agreement with the US, as called for recently by the European Parliament, Microsoft enterprise customers’ use of cloud services on a worldwide basis won’t be interrupted or curtailed. And, even if the Safe Harbor Agreement remains in place, it covers only transfers from Europe to the US. The Microsoft approved contractual commitments, by contrast, enable transfers globally.
Microsoft is the first – and so far only – company to receive the endorsement.
“Predicting the future is hard. But looking forward, we expect both governments and customers to demand greater transparency and control over how customer content and personal data are protected and where they are stored,” Smith said. “While we join others in our industry in calling for governments to respect the free flow of information, we also believe in putting our customers’ needs first. That’s why we previously announced our commitment around implementing encryption and enabling enterprise customers to store their content in existing data centers in their region.”