Take That, Amazon And Google: Microsoft Says It's The First Cloud Vendor To Get EU Privacy Approval
European data protection authorities have given Microsoft's cloud services their stamp of approval, a move that could help the software giant regain the trust of international customers who've been spooked by National Security Agency spying allegations.
The European Union has determined that Microsoft's enterprise cloud contracts for Azure, Office 365, Dynamics CRM and Windows Intune meet the "high standards of EU privacy law," Brad Smith, general counsel and executive vice president of Legal and Corporate Affairs at Microsoft, said in a blog post Thursday.
This amounts to a significant endorsement for Microsoft's cloud services, as the EU has some of the toughest laws in the world governing how companies collect, store and transfer its citizens' personal data outside of Europe.
[Related: With Microsoft's Help, VMware Looks To Take Bite Out Of Citrix's XenApp Business ]
"This ensures that our customers can use Microsoft services to move data freely through our cloud from Europe to the rest of the world," Smith said in the blog post.
Microsoft is the first and only vendor thus far to receive this approval from the EU, according to Smith.
Chris Hertz, CEO of New Signature, a Washington, D.C.-based Microsoft partner, said getting the EU’s approval "simply reinforces that Microsoft is the only public cloud vendor that is truly serious about data privacy and is committed to delivering enterprise ready cloud services."
"They aren’t waiting for their hand to be forced. Instead, they're leading the charge to deliver an enterprise ready cloud that any company or government can trust," Hertz told CRN.
Smith said the EU approval also means Microsoft enterprise customers won't have to worry about potential looming changes to EU privacy law. Last month, the European Parliament voted to suspend the Safe Harbor program, a set of privacy protection rules covering how EU citizens' personal data is transmitted to the U.S.
Even if EU gets rid of Safe Harbor in favor of tougher privacy laws, Microsoft's cloud customers doing business in Europe won't see any service interruptions, Smith said. And while Safe Harbor just covers personal data transfers between Europe and the U.S., Microsoft now has approval to transfer EU citizens' data to any country, he said.
Starting July 1, Microsoft plans to adjust its standard enterprise cloud agreements to reflect the EU approval for its cloud services, said Smith.
"Other companies talk about their commitment to comply with EU privacy law -- but we’ve enshrined that commitment in our contracts," Smith said in the blog post. "And Microsoft has done the technical and legal work to ensure our customers with European operations can legally move their data through our services."
Microsoft is one of the many tech companies said to have worked with the NSA to spy on U.S. citizens, according to documents leaked last year by former NSA contractor Edward Snowden. Microsoft has denied this, claiming it only shares customer data "in response to legal processes."
Nonetheless, Microsoft has taken a number of steps since then aimed at reassuring customers that its cloud services are impervious to snooping.
In December, Microsoft said it would add stronger encryption for customer data flowing through its networks and services by the end of 2014. Microsoft also said it would make this encryption available to third-party developers building services running on its Azure cloud.
PUBLISHED APRIL 10, 2014