Microsoft already keeps all European personal cloud data within its EU data borders

The EU's GDPR (General Data Protection Regulation) rules include a requirement that companies providing cloud-based services must not transfer personal data to overseas servers, including the United States, without privacy protection measures. This week, Microsoft announced a new plan to keep the personal data of its European users within the EU.

Microsoft announced in a blog post that starting in 2023, it will begin storing and processing customer data for some cloud services, including Microsoft 365, Azure, Power Platform and Dynamics 365.

This week, that effort expanded to include storing all personal data of European users within Microsoft's EU data borders, including its automated system logs. Microsoft is also providing new transparency and documentation on its European cloud privacy and storage efforts on a new website.

Finally, the company revealed that it will use EU-based technology to protect user information if remote access to these servers is required to monitor its systems. Microsoft said this includes establishing "a virtual desktop infrastructure within the EU data borders for monitoring our systems."

The blog post added: To ensure our EU customers receive the same world-class security as our other global customers, any data transferred outside the EU for security purposes will be logged, limited to data required for critical cybersecurity functions, and used solely for those cybersecurity purposes.

Microsoft's efforts on EU data storage and privacy protection aren't over yet. Later in 2024, Microsoft will make changes to its technical support capabilities to keep data within EU borders. If any technical support data needs to be accessed outside the EU region, Microsoft said it will "limit and protect any required temporary data transfers through technical methods such as virtual desktop infrastructure." The company will also launch a paid technical support option that will be set up within EU borders.

Other tech companies have been fighting the EU over its data privacy rules. In May 2023, the European Union imposed a fine of US$1.3 billion on Meta because the company was suspected of sending the personal data of Facebook EU users to servers in the United States without privacy protection measures. Meta is appealing the fine.