Microsoft is sharing some important news about regulator validation of the data privacy and security commitments they have made regarding their enterprise cloud services (Office 365, Microsoft Azure, Microsoft Dynamics CRM and Windows Intune). All 28 national Data Protection Authorities that regulate companies with operations in the European Union have published a letter (Article 29 Letter) validating that Microsoft have included the proper contractual terms in their enterprise cloud services. Customers can use these services knowing that any data transfers around the world meet the EU’s data protection regulations, some of the toughest in the world.
Microsoft is the only major cloud vendor that has received such validation. This Official Microsoft Blog by Executive Vice President and General Counsel, Brad Smith, provides more detail about this letter and the significance of this for customers that use enterprise cloud services.
In short, as the blog post makes clear, there are three important points for customers to understand:
- First, this is an approved approach to protecting the privacy and security of European citizens’ data and ensures that any potential changes to other regulatory standards (like the EU/U.S. Safe Harbor Agreement for data transfers) will not impact customers’ ability to use Microsoft enterprise cloud services.
- Second, Microsoft’s approved contractual commitments enable data transfers globally (while the Safe Harbor is specific to transfers between Europe and the U.S.).
- Third, Microsoft is committed to doing the hard work to ensure that it can comply both technically and operationally with the stringent obligations imposed by these contractual commitments. All customers of Microsoft’s enterprise cloud, whether they have operations in Europe or elsewhere, benefit from the strong engineering protections we have put in place as a result.
Microsoft has also posted a Q&A document (which can be accessed through a link in the blog post) that gives more information about the letter and European data protection regulations more generally. In short, no other cloud provider offers the same breadth and depth of security and privacy measures as Microsoft.
Microsoft is now making these terms available to all customers. European law requires that both Microsoft and our customer sign these terms for them to be effective. On July 1st, all of our agreement forms will be updated with these terms as standard for all Microsoft customers.
- If your agreement with Microsoft already incorporates these standard contractual clauses, you will benefit from this update version if you choose to.
- If you haven’t previously signed a Data Processing Agreement (with Standard Contractual Clauses), your Microsoft Licensing Sales Specialist can assist upon request, or Open customers can simply go to the O365 Admin Portal and accept the terms of the DPA.
- If you have not yet subscribed to one of Microsoft’s enterprise cloud services, or are considering adding one of the services, there is no better time to do it as you can have confidence in knowing that Microsoft is the trusted partner of choice for your cloud services needs.