Microsoft stops sending personal data to the US and stores it on European servers to be the first to adapt after the ‘Privacy Shield’
Microsoft is the first major technology company to announce that it will store all personal data of European users on servers in Europe. Microsoft is thus taking another step in the middle of the confusing legal situation we find ourselves in after the lifting of the ‘Privacy Shield’ last July.
According to the Redmond company, they will “go a step further than our existing data storage obligations and allow all data to be processed and stored in the European Union. In other words, we do not need to move your data outside the EU.”
Microsoft’s European user data will be stored in Europe
The company explains that they will continue to work with customers and regulators and will make the necessary adjustments in the coming months. The plan includes “all personal data in the diagnostics and data generated by the service, and the personal data used for the technical service”. They currently maintain servers in 13 European countries, including Spain.
Following a 2018 complaint about the transfer of rights, Microsoft announced that it will apply the European General Data Protection Regulation (GDPR) worldwide, not just in Europe. With today’s announcement, they become the first major technology company to adopt this measure to store all data on European servers.
The Court of Justice of the European Union has held that the United States does not guarantee an adequate level of protection and ruled that companies should not send European personal data to the US. A warrant that companies like Facebook, Amazon or Google still fail to comply with and in fact question the performance of thousands of companies.
For large companies like Microsoft, this may mean a change in the way they work, but they have enough resources to manage servers in Europe. The same does not happen for small and medium-sized US companies operating in Europe, where the removal of the ‘Privacy Shield’ is an issue.
In this regard, the AMETIC business associations, the Spanish Association of Startups and Adigital have proposed to the European Data Protection Board (CEPD) not to impose sanctions on these companies until the new legislation covering this issue has been formulated.
Microsoft anticipates future legislation
The expert explains that this situation has led to data protection authorities such as the German agency recommending that companies such as Mailchimp not be used because they lack sufficient coverage. Although Parra recalls that it is not the first time that a similar situation has been experienced. When ‘Safe Harbor’, the previous legislation regulating data transmission, was discontinued, there was also a 7 or 8 months of no legal framework before ‘Privacy Shield’ was born. Now that it has been canceled again, we are in a situation as before, where there are no regulations outlining how this data should be handled.
“The mere fact that the data is hosted in Europe is not enough to know whether we are complying with the law or not. The important thing is who owns the server,” said Parra. If the US regulations are inconsistent with the RGPD, Microsoft or the company that is to say, it will be seen in a tessitura. This is what Facebook said in September last year, when it left the door open in Europe to close if it couldn’t send its data to the US.
For now, Microsoft has announced this decision not to send the personal data of European users to the US. A measure that the rest of the technology companies have not yet adopted and that Microsoft is preparing for a future new European law that considers how data should be managed.