Microsoft Admits Patriot Act Can Access EU-based Cloud Data
Within a seven page whitepaper, Microsoft details the security features of their Office 365 suite, and reveals links to the Trust Center; a treasure trove of data protection policies and legalities of how Microsoft will handle your data in its cloud datacenters. It was suspected that the laws like the USA PATRIOT Act would supersede many of the clauses and that was confirmed by Microsoft recently. At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data regardless of where it is in the world is not protected against the USA PATRIOT Act. As always, if you put any data on the internet be sure you are okay with anyone seeing it. If you have data that needs to be secure it should not be on the web on the first place or at least in a private cloud network.
Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances even under a request by the Patriot Act? Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based). Though he said that customers would be informed wherever possible, he could not provide a guarantee that they would be informed if a gagging order, injunction or U.S. National Security Letter permits it.
Comments are closed.