Home / News / Expanding EU data localization efforts to include system logs is Microsoft’s latest move

Expanding EU data localization efforts to include system logs is Microsoft’s latest move

In the European Union, Microsoft has completed the second stage of launching its data localization service. The most recent rollout of the “EU Data Boundary for the Microsoft Cloud” (the infrastructure’s official name) began in early 2017. Following its earlier announcement, Microsoft is on track to finish the second phase of the deployment by the end of 2023.

The European Union’s data protection rules may provide weight to initiatives to learn the physical locations of data processors and stores, or even to co-locate data with consumers (data localization).

Today, VP and chief privacy officer Julie Brill announced the second phase in a blog post. The upgrade broadens the data localization offering to include local storage and processing for “all personal data” (including automatic system logs). Rather than concentrating on the greater variety of data that may be created from customer behavior (e.g., via systems logs), the first phase of the deployment concentrated on what Microsoft calls “customer data”—that is, information that consumers actively supplied.

The European Union’s data protection regulators have been more wary of Microsoft in recent years due to the company’s cloud data exports. In July 2020, the internet giant faced a particularly serious regulatory threat when the Court of Justice invalidated a data transfer deal between the union and the US. Legally, there is a conflict between broad US surveillance authorities and EU privacy regulations. This conflict has twice put cloud services domiciled in the US and used by clients in Europe into an unclear limbo.

Microsoft “welcomes” and is “certified under” the new EU-US data accord that the group enacted last July, the “Data Privacy Framework.” There’s more information about this in a Microsoft frequently asked questions document. It is uncertain if the most recent agreement will be able to withstand judicial scrutiny, considering that both Privacy Shield and the previous transatlantic agreement (Safe Harbor) were unsuccessful. Because of the positive effects on local public perception and the protection it provides against the possibility of regulatory risk resurfacing, it is not surprising that US cloud giants like Microsoft are maintaining their aggressive data localization efforts in the EU.

However, given that Microsoft’s data translation is intentionally flawed, it’s likely that this is just PR. At this time, some information is still leaving the bloc. Since Microsoft has not suggested completely localizing data and doing away with processing abroad, this seems to continue even after the third and final phase of the deployment is scheduled to end (on December 31, 2024). The localization of consumer data flows will be implemented gradually over the course of many years.

Brill said, “Our EU Data Boundary now enables the processing and storage of all data in the EU across Microsoft core cloud services—Azure, Microsoft 365, Power Platform, and Dynamics 365.” This was made possible by a large investment and the hard work of hundreds of developers. Pseudonymized personal data is now part of the EU Data Boundary. Logs created automatically by the system as part of the services’ normal functioning include this data. This extension of the EU Data Boundary gives our clients more agency by letting them keep more of their data within the EU.

To further assist users in comprehending data flows, Microsoft is also disseminating further documentation and transparency details. According to the notice, the updated materials are available on the website of the EU Data Boundary Trust Center.

While Brill acknowledges that customers require a thorough understanding of the data handling, limited transfers, and data protection procedures implemented in the EU Data Boundary, he does not specify what further details will be available on the portal at this time.

Deploying virtual desktop infrastructure inside the EU Data Boundary is another improvement she mentions in her blog article on data localization. Instead of physically transferring or storing customer log data outside the EU, she believes this is necessary so that it may be utilized for remote access to system logs for monitoring system health. Nonetheless, data outflows are still necessary for technical support contacts. The next boundary implementation phase, according to Brill, will begin “later this year” and will concentrate on this specific region.

She assures that support data will be retained inside the border and that, in cases where access from outside the EU is necessary to provide world-class assistance, technology measures like virtual desktop infrastructure will be used to restrict and safeguard any temporary data transfer. In addition, Microsoft is creating a future paid support option. This option will offer an initial technical response from within the EU.”

In addition to meeting all European compliance requirements, Brill states that their EU Data Boundary solution demonstrates their dedication to offering trustworthy cloud services that leverage the public cloud to its maximum potential while upholding European values and offering cutting-edge sovereignty controls and features.

 

About Chambers

Check Also

The Air Force has abandoned its attempt to install a directed-energy weapon on a fighter jet, marking another failure for airborne lasers

The U.S. military’s most recent endeavor to create an airborne laser weapon, designed to safeguard …