by

Microsoft to Store Data in Germany. Make it Harder for Foreign Authorities. Safe Harbour Lesson #1.

Here’s a way to increase your data protection from US government access: Store it in Germany!

As you probably know, in October 2015 the European Court of Justice declared invalid a "Safe Harbor" agreement between the European Union and the U.S. that allowed Facebook and other firms to transfer data in huge quantities to their servers in the U.S.

The court threw this deal in the bin because it was worried about "mass indiscriminate surveillance and interception" of personal data by the U.S. authorities.

And that’s what’s Microsoft is proposing: to make it harder for Government authorities to put their hands in people’s data.

image

 

Why Germany?

After the whole saga between Microsoft vs. USA Justice Department, European consumers, rights groups and lawmakers have expressed concern about what U.S.-based companies share with American authorities.

image

The European Union has very rigorous rules to protect data, and Germany's regulations are considered especially strict. Besides that EU authorities have been clamping down on data protection in recent months over concerns about mass spying by U.S. intelligence services. Especially after the revelations made by former NSA contractor Edward Snowden that the U.S. spied on German officials, including Chancellor Angela Merkel, angered Berlin.

 

Where Will the Datacenters be Located in Germany?

They will be in Magdeburg and Frankfurt. These new datacenters will maintain the same level of expectations , security, service and quality standards as all Microsoft datacenters globally. The services offered will abide by the Microsoft trusted cloud principles of security, privacy, control, compliance and transparency, as well as consistency with Microsoft’s global cloud services.

image

The reason for 2 datacenters is to ensure business continuity. Also their data will be exchanged through a private network to ensure data resides in Germany even in transit.

 

What is Planned to be Stored in Germany?

As part of this big initiative, Office 365 customers will soon be able to choose to store all data from the following products in Germany:

  • Azure,
  • Office 365 and
  • Dynamics CRM Online

 

Who Will Oversee this Data?

Deutsche Telekom will be the assigned data trustee and will control and oversee access to all customer data.

 

What is a Data Trustee?

Data trustee is an entity that will handle data on your behalf. In this case, it will be a company called T-Systems, which is a subsidiary of Deutsche Telekom. It means that Microsoft will not be able to access this data without the permission of either:

  • customers or
  • the data trustee itself

and if permission is granted by the data trustee, will only do so under its supervision.

This is ground-breaking stuff. Never done it before in Europe and after the repercussion of the Safe Harbour case, this service is expected to grow rapidly.

 

What are the Impacts on Compliance for Customers?

These new cloud services in Germany will specifically address organizations and enterprises operating in data-sensitive areas such as the public, financial or health sector. The immediate effect on this is positive: Now you can even choose the datacenter within the EU jurisdiction which will translate in a better granularity of controls.

We are talking about the German Government which traditionally have a very high level of data handling regulations and security by default. As a matter of fact, Germany is one of the leaders in this quadrant. Together with Customer Lockbox, customers will be able to view how and where data is processed.

 

Will this Avoid the US Authorities to Access my Data?

Honestly, No. Any government that requires access to data stored in the cloud, regardless of the provider (Microsoft, AWS, Google etc) will get this access. In a fight between governments and private companies, governments always win.

However this move will make it increasingly harder for governments to have this access. And that’s the main goal here. It is not to block the access, but to put stronger controls around data access by other people except the data owner.

This move will be likely followed by Amazon and Google very soon.

 

Sounds Great! When Can I Move my Data to Germany?

There is a LOT of ground work to cover. Involving auditing, certifications, and buildings construction. Microsoft is releasing this information now to calm-down the nerves of some big customers. The expected timeline for availability will be around the 2nd semester of 2016

Read the official announcement here from Microsoft Europe.