Defending Your Data - DSGVO concessions at Microsoft

The use of the cloud solutions from Amazon, Google and Microsoft and other companies from the U.S.A. has been particularly Schrems II judgment of the European Court of Justice. Data protectionists criticize above all that US authorities are relying on Data of foreign customers without their knowledge. This is not compatible with the General Data Protection Regulation (GDPR) and was one of the reasons for the creation of the European cloud initiative Gaia-X.

 (PLEASE INSERT INTERNAL LINK TO "Great interest in European cloud initiative Gaia-X")

Now, Microsoft has in a Blog post the so-called "Defending Your Data" program. This is intended to inform customers from the European Union in future if US authorities wish to access their data. As a first step, Microsoft will challenge the data access according to the company's information. If this is unsuccessful and the authorities access the data, customers will receive financial compensation.

Private customers at Defending Your Data excluded

According to Microsoft, the DSGVO concessions will be immediately incorporated into the Cloud-contracts of public authorities and companies. Private individuals who frequently use Microsoft OneDrive as a Cloud are excluded from Defending Your Data.

"We are convinced that with the steps announced today we are going beyond the legal requirements and the recommendations of the European Data Protection Committee.

Microsoft

Legal basis for compensation necessary

In addition to data access by US authorities, Defending Your Data is also intended to respond to requests from government agencies in other countries. According to the Group, however, damages will only be paid if a legal basis such as the DSGVO prohibits the transfer of data at the customer's location. Microsoft explains that "this obligation also goes beyond the recommendations of the European Data Protection Committee.

In a Statement on Defending Your Data, Baden-Württemberg's data protection commissioner writes that Microsoft's concessions demonstrate the initial success of the DSGVO. According to the authority, "it is good and necessary that the company complies with European data protection and changes its contract clauses accordingly.

However, this does not fully solve the data protection problem, which is due to the fact that "an addition to the standard contractual clauses does not have the effect of preventing access to data by the US secret services, which the European Court of Justice has criticised as disproportionate". In principle, however, Microsoft's move is seen as a signal to other companies to improve their data protection as well.

Current articles