Sunday, May 26, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Microsoft, Google and Facebook. How the US giants are moving on EU data

3 years ago babelfish

Microsoft, Google and Facebook. How the US giants are moving on EU data

While Microsoft has announced that the data of all Microsoft customer organizations and PAs in the EU will be processed and stored in the EU, what are Google and Facebook doing?

Microsoft has responded to the appeal of the EU: it will archive and process the data of all organizations and European public administrations that are Microsoft customers on servers in Europe.

This was announced earlier this month by the tech giant from Redmond with the 'Eu Data Boundary for Microsoft Cloud' plan. The breakthrough is part of the larger EU Cloud Customer Summit project, which will be outlined by Microsoft in the fall.

Google and Microsoft, along with market leader Amazon, dominate the data storage realm around the world, fueling concerns in Europe about US surveillance risk in the wake of the adoption of the 2018 US CLOUD Act.

Although the Gaia-X initiative led by France and Germany continues, which aims to establish common standards for storing and processing data on servers located locally and complying with the strict data privacy laws of the European Union , Microsoft does not want to stay out of it.

Without forgetting the historic ruling last July ("Schrems II") , when the EU Court of Justice ruled the Privacy Shield invalid, the key agreement between the US and the EU used to transfer Europeans' personal data across the Atlantic. for commercial use.

However, the Court of Justice has allowed cloud companies such as AWS and Google to still use standard contractual clauses as a legal data transfer mechanism, with some changes.

If Microsoft is currently testing a plan to store European data in Europe, Google and Facebook may have problems in sight.

All the details.

WHAT MICROSOFT WILL DO WITH EU DATA

Microsoft's commitment provides that the data of all organizations and PA customers within the European Union will be processed and stored in the EU, "confirming our commitment to data storage" explained Brad Smith, president of the giant. technological.

In summary, there will be no need to move data outside the EU.

On the other hand, Microsoft's cloud services were already compliant with EU guidelines even before the announcement. "We have already started work on a technical level, so that our cloud services can store and process all personal data of European customers in the EU if they want to," said Smith.

THE CLOUD SERVICES INVOLVED

This commitment will apply to all major Microsoft cloud services: Azure, Microsoft 365 and Dynamics 365.

THE EU DATA BOUNDARY FOR MICROSOFT CLOUD PLAN

“We are already starting to work on this further plan – the note reads – called Eu Data Boundary for Microsoft Cloud, with the aim of completing the planned activities by the end of next year”.

“We are confident that today's update can be an additional element for all customers who want an even greater commitment to Data Residency. We will continue to discuss with customers and regulatory authorities on this plan in the coming months, regarding the necessary adjustments in terms of safety and we will continue taking into account their feedback ”.

THE DATA CENTER NETWORK IN EUROPE

The EU Data Boundary for Microsoft Cloud plan is made possible thanks to a large European data center infrastructure. Microsoft opened its first data center in Europe in 2009 and in 2020 announced more in 13 countries, including Italy.

WHAT THE AUSTRIAN PRIVACY GUARANTOR IS DECIDING

Microsoft therefore ran for cover, committing itself to archiving European data on servers in the EU, but what are the other technological giants doing in this regard (Google and Facebook in the first place) ?.

On May 6, the digital rights association Noyb announced that it had recalled the Austrian data protection authority regarding alleged violations by Google LLC of the GDPR, following a request for an opinion by the DSB on the companies companies that continue to send website visitor data to Google LLC and Facebook Inc. in alleged violation of the judgment of the Court of Justice of the European Union Schrems II.

After the “Schrems II” ruling, the noyb organization chaired by Max Schrems in fact filed 101 complaints against EU websites in August 2020 which continued to transmit data on each visitor to Google and Facebook. All complaints are also directed against the US parent companies of Google and Facebook.

WHAT GOOGLE RISKS

The first of these complaints could soon be debated by the Austrian Data Protection Authority (Dpa) and could lead to a massive fine against Google.

This is a possible fine of over 6 billion euros. Since the complaint is directed at Google LLC which operates separately from its European subsidiary (Google Ireland Ltd), any data protection authority in the EU can impose a penalty under the GDPR. In this specific case, the Austrian Dpa can impose 4% of the global turnover of Google LLC.

AND WHAT FACEBOOK RISKS

But even Facebook cannot rest easy in Europe.

On Friday, the Irish High Court ruled that the Irish Data Protection Commission (DPC), the main regulator of Facebook in the European Union, may resume an investigation into the data transfer of the company's European users to the United States.

Last August, the DPC also issued a provisional order that Facebook cannot use the standard contractual clauses (SCC) mechanism to transfer user data between the EU and the United States.

In fact, last July the Court of Justice also ruled that, according to the SCCs, national privacy guarantors must suspend or prohibit transfers outside the EU if data protection in other countries cannot be guaranteed.

Facebook said the Irish privacy regulator had delivered the ruling prematurely, giving the company too little time to respond. The Irish court rejected that claim and allowed the DPC to proceed with its investigation into Facebook's data sharing.

"DEVASTATING CONSEQUENCES"

The case is significant for the giant led by Mark Zuckerberg. The company could in fact be forced to store EU user data locally if the DPC required it to stop moving data to the United States for processing.

Although the Irish court's decision does not result in an immediate halt to data flows, Austrian privacy activist Max Schrems said he believes the decision makes it inevitable.

Facebook had challenged both the investigation and the preliminary draft decision. The latter would bring "devastating" and "irreversible" consequences for its business, which is based on the processing of user data to publish targeted online ads.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/microsoft-google-e-facebook-come-si-muovono-i-colossi-usa-sui-dati-ue/ on Tue, 18 May 2021 07:42:40 +0000.