Microsoft Allows Customers to Choose EU for Data Processing & Storage

Written by: Brett Lawrence, Esq.

On May 6, 2021, Microsoft announced it will allow its commercial and public sector customers in the European Union (“EU”) to process and store all of their personal data in the EU. This implementation will be completed by the end of 2022 and is called the “EU Data Boundary for the Microsoft Cloud.”

Microsoft’s commitment will apply across the board for all its core cloud services—Azure, Microsoft 365, and Dynamic 365. Microsoft’s announcement is likely a response to the “Schrems II” decision last June that struck down the “EU-US Privacy Shield” that allowed personal data transfers to the United States. However, the CLOUD Act still allows the US government to compel Microsoft to provide requested personal data stored on its servers, regardless of location. Microsoft stated it “will challenge every government requests” for personal data “from any government” if a lawful basis exists.

In any event, this is a major decision by a market‑leading cloud service provider. Microsoft may have furthered what the EU has wanted since GDPR’s inception—EU citizens controlling their own personal data.