Microsoft EU Data Boundary dubbed ‘smoke and mirrors’
Data protection experts claim Microsoft’s decision to create an EU Data Boundary is a tacit admission that it routinely transfers and processes the personal data of European citizens outside the bloc
Share this item with your network: By Published: 18 May 2021 16:30
Microsoft has committed to storing and processing all of its European Union (EU) customer data within the bloc by creating an “EU Data Boundary”, but data protection experts have criticised the move as a tacit admission that data is being routinely processed elsewhere.
In a blog post announcing the plan, Microsoft president and chief legal officer Brad Smith said the EU Data Boundary pledge would apply to data processed by its main cloud services – including Azure, Microsoft 365 and Dynamics 365 – and the engineering work needed to deliver the project would be completed by the end of 2022.
Software giant vows data processing of EU cloud services to stay in EU, which means that currently.
Lindsay Clark Fri 7 May 2021 // 15:20 UTC Share
Copy
Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm s existing setup.
Those problems extend to UK public sector organisations seeking to stick within government guidance as well as a longstanding issue where personal data held in the EU can potentially be accessed via US security laws.
In a blog, Brad Smith, Microsoft’s president and chief legal officer, said the software and cloud services giant would, by the end 2022, enable EU customers of Azure, Microsoft 365, and Dynamics 365 to have all their data processed physically within the EU.
European Commission proposes UK data adequacy agreement
The publication of two draft data adequacy decisions brings the UK closer to a final positive decision, which will enable the continued free flow of data between the EU and the UK if green-lit by member states
Share this item with your network: By Published: 19 Feb 2021 17:30
The European Commission (EC) has indicated its willingness to offer a data adequacy agreement for the UK, subject to formal approval by EU member states.
The commission has published two draft data adequacy decisions, one under the General Data Protection Regulation (GDPR) and another under the Law Enforcement Directive (LED), to allow for the continued transfer of personal data to the UK, setting in motion the process of their formal adoption
Assessing UK law enforcement data adequacy
Data protection experts discuss the consequences of achieving data adequacy between the UK and EU for the UK’s intelligence services and criminal justice sector
Share this item with your network: By Published: 18 Feb 2021 11:06
Despite the LED being transposed into various European countries’ national laws, including the UK’s in May 2018, the EDPB publication marks the first time the body has broached the topic of LED adequacy, which the UK needs if it wants to continue receiving law enforcement data from the EU.
Specifically, the EDPB found the “standard of essential equivalence” Schrems II required for data adequacy decisions under the General Data Protection Regulation (GDPR) also applies in a similar manner to the law enforcement sector, which means EU citizens’ data being handled under the directive must be given the same level of protection when it is sent overseas as it receives within the EU.
UK police unlawfully processing over a million people’s data on Microsoft 365
The roll-out of Microsoft 365 to dozens of UK police forces may be unlawful, because many have failed to conduct data protection checks before deployment and hold no information on their contracts
Share this item with your network: By Published: 17 Dec 2020 9:30
Police forces across the UK stand accused of unlawfully processing people’s personal data within the Microsoft 365 cloud productivity platform, after failing to carry out the required data protection checks before deploying the technology, a Computer Weekly investigation has found.
Thirty police forces are involved in a national roll-out of Microsoft 365 (M365) as part of the National Enabling Programme (NEP), which was jointly created in 2017 by the National Police Chiefs Council (NPCC) and the Association of Police and Crime Commissioners (APCC) to spearhead the delivery of new cloud-enabled ways of working for the police.