ARN

Microsoft’s EU data boundary plan to take effect from January 1

The plan, which covers Microsoft products and services such as Azure, Power BI, Dynamics 365 and Office 365, will allow customers to store and process their customer data within the EU.

Microsoft will begin rolling out the first phase of its European Union data boundary plan from January 1, 2023 that’ll allow customers to store and process their customer data within the EU. The move comes two days after the EU commission said it had officially begun the process of approving the EU-US Data Privacy Framework.

Under the first phase of the plan, companies that use Microsoft products and services will be able to store and process their customer data within the EU. Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 under the first phase.

“With this release, Microsoft expands on existing local storage and processing commitments, greatly reducing data flows out of Europe and building on our industry-leading data residency solutions,” Julie Brill, corporate vice President at Microsoft, said in a blog post.

The upcoming phases, according to Brill, Microsoft will expand the boundary plan to include the storage and processing of additional categories of personal data, including data provided when receiving technical support.

Microsoft had announced the intent to launch the EU boundary plan in March, which was around the same time when the US and EU had agreed to sign the Trans-Atlantic Data Policy Framework.

The framework was signed as large companies operating in the EU remained anxious over their customer data flowing outside European borders in wake of the General Data Protection Regulation (GDPR) introduced in 2018. These companies were primarily worried about attracting large penalties, mainly due to US surveillance laws, which could potentially flout GDPR norms over misusing or breaching personal data without consent.

While Microsoft didn’t offer any new details on how the plan will exactly work, earlier in March it had said that it will challenge any request for data transfer that doesn’t align with the Trans-Atlantic Data Privacy and Security Framework.

The company, which opened and is constructing data centres in more than 17 data centre regions in Europe, said it will publish a new data flow documentation to provide transparent data insights for customers whose services will be included in the boundary.