Microsoft cloud wins EU approval

The EU’s Article 29 Data Protection Working Party (the coordination group for Member States’ Data Protection Authorities) states that Microsoft’s contractual commitments meet the requirements of the EU’s model clauses. This will reduce the number of national authorizations required to allow the international transfer of data (depending on the national legislation), the EU Data Protection Authorities say. Effectively this means that the DPAs consider Microsoft’s enterprise cloud contracts comply with EU Data Protection law.

This is important news given that not long ago EU Commissioner, Viviane Reding, threated to suspend the US Safe Harbour and the European Parliament is of the same view. Companies can now use Microsoft cloud services to move data more freely from Europe to the rest of the world.

Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft, wrote in his Microsoft blog: ‘Starting July 1, we will ensure that all our enterprise customers benefit from this privacy recognition through our standard agreements. The EU approval requires that customers execute a short, standardized addendum to their current agreements in order to take advantage of this new recognition, and we will create a very simple process to facilitate this.’

The decision applies to Microsoft Azure, Office 365, Microsoft Dynamics CRM and Windows Intune, Smith writes.

See the letter, dated 2 April, from the Article 29 Data Protection Working Party to Microsoft.