This article is more than 1 year old
You're about to gouda major change in Microsoft cloud security after Redmond agrees to go Dutch on data
Will take the GDPR hit for all cloud biz so you don't have to
Microsoft says it will be making a data protection deal it struck with the Dutch Ministry of Justice and Security into a global policy for its cloud services.
Under the new outline for its Online Services Terms (OST) agreement for enterprise customers, Microsoft says it will take the responsibility as the legal data controller for all of its commercial cloud services including Azure, Office 365, Dynamics, and Intune.
By designating itself as the data processor, Microsoft will agree to handle all data privacy and storage requirements.
"At a basic level, this means Microsoft collects and uses personal data from its enterprise services to provide the online services requested by our customers and for the purposes instructed by our customers," Julie Brill, Microsoft chief privacy officer and corporate VP for global privacy and regulatory affairs, explained.
"As a processor, Microsoft ensures the integrity and safety of customer data, but that data itself is owned, managed and controlled by the customer."
While the new terms will be rolled out in early 2020 for all commercial cloud customers worldwide, they will largely be of interest to those operating within the EU under the GDPR.
With the new terms in effect, businesses can rest assured that any GDPR concerns for those Azure, Office 365, and other cloud services will be handled by Microsoft, rather than falling on their shoulders.
This designation was the reason for a conflict that arose between Microsoft and the Netherlands' Ministry of Justice earlier this year. Worried that some of the data-handling procedures in Office 365 and Office mobile apps were not in compliance with GDPR guidelines, the ministry went so far as to warn other European governments not to use the Microsoft services.
The warning caught the attention of Microsoft, who then sat down with the MoJ and worked out a new set of policies and agreements that addressed all of the ministry's concerns.
"As noted above, the updated OST reflects the contractual changes we developed with the Dutch MOJ," said Brill.
"The only substantive differences in the updated terms relate to customer-specific changes requested by the Dutch MOJ, which had to be adapted for the broader global customer base." ®
Biting the hand that feeds IT
