Microsoft’s new plan to keep the US government’s hands off its customers’ data: Germany will be a safe harbor in the digital privacy storm.
Microsoft on Wednesday announced that beginning in the second half of 2016, it will give foreign customers the option of keeping data in new European facilities that, at least in theory, should shield customers from US government surveillance.
It will cost more, according to the Financial Times, though pricing details weren’t forthcoming.
Microsoft Cloud – including Azure, Office 365 and Dynamics CRM Online – will be hosted from new datacenters in the German regions of Magdeburg and Frankfurt am Main.
Access to data will be controlled by what the company called a German data trustee: T-Systems, a subsidiary of the independent German company Deutsche Telekom.
Without the permission of Deutsche Telekom or customers, Microsoft won’t be able to get its hands on the data. If it does get permission, the trustee will still control and oversee Microsoft’s access.
Microsoft CEO Satya Nadella dropped the word “trust” into the company’s statement:
Microsoft’s mission is to empower every person and every individual on the planet to achieve more. Our new datacenter regions in Germany, operated in partnership with Deutsche Telekom, will not only spur local innovation and growth, but offer customers choice and trust in how their data is handled and where it is stored.
On Tuesday, at the Future Decoded conference in London, Nadella also announced that Microsoft would, for the first time, be opening two UK datacenters next year. The company’s also expanding its existing operations in Ireland and the Netherlands.
Officially, none of this has anything to do with the long-drawn-out squabbling over the transatlantic Safe Harbor agreement, which the EU’s highest court struck down last month, calling the agreement “invalid” because it didn’t protect data from US surveillance.
No, Nadella said, the new datacenters and expansions are all about giving local businesses and organizations “transformative technology they need to seize new global growth.”
But as Diginomica reports, Microsoft EVP of Cloud and Enterprise Scott Guthrie followed up his boss’s comments by saying that yes, the driver behind the new datacenters is to let customers keep data close:
We can guarantee customers that their data will always stay in the UK. Being able to very concretely tell that story is something that I think will accelerate cloud adoption further in the UK.
Microsoft and T-Systems’ lawyers may well think that storing customer data in a German trustee data center will protect it from the reach of US law, but for all we know, that could be wishful thinking.
Forrester cloud computing analyst Paul Miller:
To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal.
As with all new legal approaches, we don’t know it is watertight until it is challenged in court. Microsoft and T-Systems’ lawyers are very good and say it's watertight. But we can be sure opposition lawyers will look for all the holes.
By keeping data offshore – particularly in Germany, which has strong data privacy laws – Microsoft could avoid the situation it’s now facing with the US demanding access to customer emails stored on a Microsoft server in Dublin.
The US has argued that Microsoft, as a US company, comes under US jurisdiction, regardless of where it keeps its data.
Running away to Germany isn’t a groundbreaking move; other US cloud services providers have already pledged expansion of their EU presences, including Amazon’s plan to open a UK datacenter in late 2016 that will offer what CTO Werner Vogels calls “strong data sovereignty to local users.”
Other big data operators that have followed suit: Salesforce, which has already opened datacenters in the UK and Germany and plans to open one in France next year, as well as new EU operations pledged for the new year by NetSuite and Box.
Can Germany keep the US out of its datacenters? Can Ireland?
Time, and court cases, will tell.