Only last year Microsofts President and Chief Lawyer Brad Smith (Page 4, on top of the page) stated that only online products can be trusted when all personal data is secured by national laws. Now, one year later, Microsoft announced that they terminated the collaboration with their German data trustee T-Systems, who played an essential role for the Microsoft Cloud especially for Germany.New customers of the Microsoft Cloud will automatically be users of the global Microsoft Cloud.
In order to prevent US authorities to have the possibility to have access to data of their customers, Microsoft launched the Cloud for Germany with T-Systems as their data trustee. The corporation itself only would be able to access this kind of data in exceptional cases and even then only under supervision.
Believing instead of knowing?
The “Germany Cloud” of Microsoft is being supervised by T-Systems. The collaboration around the Cloud follows an apparently very strict construct of contracts. According to a test of heise.de, however, the degree of data security and data safety Microsoft claimed it to be, could not be proven.
Will now the Microsoft Privacy Statement apply?
The data-security-friendly attitude of Microsoft did not hold up for a long time as they now terminated the Cloud for Germany. Companies that are using the cloud-products of Microsoft have to anticipate that their data that Microsoft and all of its partner companies will be stored in the US or even in countries like Hong Kong. This is especially precarious, as the data security laws partially have been declared as inappropriate by the EU commission. In some cases there may not even be a regulatory authority for this matter.
That’s how you can find the source:
1. Go to the Microsoft Privacy Statement
2. Click on the subheading “Further important information about the Privacy Statement”
3. Go to “Further Information” and look for the point “Where we save your data”
More awareness for the Cloud
Customers of the products like Microsoft Teams, which is part of Office 365 should be aware of the conditions of the global Microsoft-Cloud. Ultimately, the US authorities reserves itself the right to access all data of customers and its content on basis of the US-Freedom Act (link below) (Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act).
American internet-companies and IT-service providers are since the new USA Cloud Act (link below) obliged to grant US authorities access to their data, even when the data is not stored in the US.
European players in the economy have to resist the appetite for data of the US
The messaging- and collaboration-solution Grape is as an European company immune to the guidelines of the Freedom Act and can therefore guarantee complete data security (“Privacy by Design”).
- Grape conforms to EU-GDPR rules and prioritizes data security
- Grapes Cloud-servers are exclusively hosted in Germany
- With the help of an own Grape-server (“on-premise solution”) can Grape customers regain full control over their internal communication and data.
European alternative to US-collaboration tools
“If Europe wants to become a leading force not only in the economy, but also in digitalization, we strongly suggest a rapid change in thinking with regards to Cloud-services and collaboration tools“, explains Felix Häusler, CEO and founder of the Viennese messaging- and collaboration-solution Grape. An example of this would be arrest of the Volkswagen-managers in the US because of the diesel scandal. Grape offers an enterprise messenger that is tailored especially for the needs and data security demands of European companies. “Sensitive data from internal company communication should never be saved on Clouds of US-providers“, warns Häusler.
What European companies should know about the US-Freedom Act and the US CLOUD Act:
“Even though American authorities have to have at least a suspect case, e.g. that the concerned user is of potential danger for others. Irrespective of this, nothing can get in the way of surveillance and analysis of telecommunication data on a huge scale.“
“American internet-companies and IT-service providers are since the new US CLOUD Act obliged to grant US authorities acces to their data, even when the data is not stored in the US. This violates several points of the EU-GDPR policy.“
More on our GDPR conformity
Sources of the blog entry:
- telekom.de, PDF, Microsoft Cloud Deutschland: Das Datentreuhändermodell und das Cloud Control
Center für die deutsche Microsoft Cloud
- heise.de, Auslaufmodell: Microsoft Cloud Deutschland
- news.microsoft.com, Microsoft stellt seine Cloud-Dienste ab 2019 aus neuen Rechenzentren in Deutschland bereit und reagiert damit auf veränderte Kundenanforderungen
- searchsecurity.de, Microsofts Deutschland-Cloud geht mit neuen Partnern in die Preview-Phase
- youtube: Rechtlicher Überblick: Die Microsoft Cloud mit deutscher Datentreuhand | Microsoft
- microsoft.com: Deutsche Cloud, Microsoft Azure, Office 365 und Dynamics 365
- heise.de, Glauben statt wissen
- privacy.microsoft.com, Datenschutzerklärung von Microsoft
- Wikipedia, USA Freedom Act