December 16, 2022, updated 17 Dec 2022 11:00am

Microsoft’s EU cloud data boundary scheme could damage information flow

The data boundary will help ensure information about Europeans is kept on the continent in a bid to remain compliant with GDPR.

By Ryan Morrison

Microsoft is expanding its cloud storage localisation offerings in the European Union, making it easier for customers to have data stored and processed on the continent rather than being transferred to the US. The move could lead to Microsoft and the other cloud hyperscalers expanding operations in the EU and taking over small European data companies, an analyst believes.

Microsoft says it has spent $12bn rolling out data centre operations in Europe over the past two years. (Photo by Gorodenkoff/Shutterstock)

Microsoft says it has spent $12bn over the past two years expanding its data centre operations within the European Union in response to growing demand for data localisation, driven in part by a need to comply with GDPR legislation. The legality of data transfers between the US and EU is questionable after two transatlantic agreements governing the flow of information were struck down by the European Court, following challenges from privacy campaigners.

A new agreement between the US government and European Union, the Data Privacy Framework, was agreed earlier this year and enacted by President Joe Biden via executive order in October. But the legality of this agreement has yet to be tested in court.

The new Microsoft cloud EU data boundary, first announced last year, will come into force on 1 January. When it announced the plan, MSFT said the boundary would be in place by the end of 2022, and it has stuck to its deadline.

Full details of the Microsoft cloud EU data boundary yet to be revealed

The new data residency and proximity tools will be available to customers using the full Microsoft Cloud suite, including Microsoft 365, Power Platform and Azure.

The data boundary tools are being rolled out in phases, and whether they will be comprehensive enough to reduce the risk of a company falling foul of GDPR is unclear.

Caroline Carruthers, CEO of global data consultancy Carruthers and Jackson, said the new data boundary “fundamentally makes data flow less efficient, but doesn’t fully prevent information from being accessed in other jurisdictions” as “data doesn’t respect geography”.


She said any attempt to ringfence data will never give 100% protection to customers, and so putting up data boundaries and restricting the free flow of data is “regressive for the wider data transformation efforts” without fully addressing the risks.

The latest rollout expands on existing local storage and processing commitments for European companies and organisations, which “also acts to greatly reduce data flows out of Europe and builds on our industry-leading data residency solutions,” Microsoft said.

The phased release will include storage and processing of additional categories of personal data beyond those already covered by localisation products, including data provided when receiving technical support.

Microsoft says this will ensure “sector customers have the choice and flexibility they need to enjoy hyperscale products at the cutting edge of innovation while also meeting regulatory requirements and industry-specific standards,” which is particularly relevant to the public sector.

Microsoft says it also plans to publish “detailed documentation” on its “boundary commitments” that include transparency documentation outlining the exact flow of data through its platform.

“Documentation will be updated continually as Microsoft rolls out additional phases of the EU data boundary and will include details around services that may continue to require limited transfers of customer data outside of the EU to maintain the security and reliability of the service,” the company wrote.

EU data boundaries benefit the hyperscalers

Google announced its own data-flow changes for its Workspace productivity suite within Europe earlier this year, saying that regional customers will have tighter controls enabling limits on the transfer of data to and from the EU.

The flurry of hyperscaler policy changes comes off the back of EU regulators taking enforcement action on public sector bodies’ use of cloud platforms and whether appropriate levels of data protection are being applied when data leaves the region.

But such policy interventions are counter-productive, Carruthers argues. “Instead of trying to pull up the castle moat on European data, governments and multi-nationals should be pushing for global data standards to ensure enhanced security does not stifle data innovation,” she says.

She told Tech Monitor these latest enforcement actions and EU acts will prove to be good news for the hyperscalers and small EU cloud providers, explaining they will “likely cause far more collaborations (partnerships) and acquisitions between companies across the Atlantic. By doing this, they will be able to fulfil the standards of both sides and not have to worry about finding a means to comply.”

This is good for the small companies, who can sell up, and good for large businesses, who can expand or buy smaller companies to comply, but not so good for medium-sized businesses as they “are too small to acquire another business and too big to be acquired, meaning they will likely struggle to grow and expand into different regions,” Carruthers says.
