Subj : MS cannot guarantee EU da
To   : All
From : Mike Powell
Date : Mon Jul 28 2025 07:55 am

Microsoft admits it would have to let Trump spy on EU data if demanded

Date:
Mon, 28 Jul 2025 12:10:00 +0000

Description:
Even though Microsoft has made huge steps towards European data sovereignty,
it still can't promise the US won't peep.

FULL STORY

Microsoft has admitted it cannot guarantee data sovereignty for customers in
France or other European Union countries under the US Cloud Act, which allows
the US government to access data from US-based tech firms, even if that data
is stored overseas.

Questioned about legal protections against US access to EU data, Microsoft
France reps Anton Carniaux and Pierre Lagarde confirmed the company would
analyze and resist any unfounded US data requests, but ultimately, the
company is legally obliged to comply with valid ones.

Importantly, the company has never received a US data request for information
stored in Europe, according to its transparency reports, however ongoing
geopolitical tensions have sovereign nations worried about that.

Microsoft cannot guarantee data sovereignty

Microsoft stressed there are systems in place to minimize data transfers, to
keep EU customer data within the EU, but Carniaux acknowledged that he could
not guarantee the US wouldn't access French citizen data without French
government consent, raising huge concerns.

Earlier this year, the EU Data Boundary for the Microsoft Cloud project was
confirmed complete, with other hyperscaler rivals also investing heavily in
European sovereignty, but the latest developments have rendered their efforts
not worthwhile after all.

Interestingly, AWS, Microsoft and Google all supported the bill when it was
passed, so it's not new news to them.

"UK or EU servers make no difference when jurisdiction lies elsewhere and
local subsidiaries or 'trusted' partnerships don't change that reality," Civo
CEO Mark Boost explained.

Boost added that this weakness threatens national security, personal privacy
and business competitiveness.

Ultimately, the bottom line is that data residency and location is not the
same as jurisdiction  even European companies like OVHcloud operating in the
US are subject to US government data requests.

And while EU legislation is steadily adding friction, unless a provider is
outside US jurisdiction or a customer is the only holder of an encryption
key, absolute sovereignty cannot be guaranteed.

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/microsoft-admits-it-would-have-to-let-trump-spy-
on-eu-data-if-demanded

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.