Microsoft extends its commitments to data privacy

data protection

We recognize how critical data privacy is to enabling our customers to move to the cloud, and Microsoft has been a pioneer in offering privacy protections for its enterprise cloud services. We were the first to offer contractual commitments for customers subject to the E.U. Data Protection Directive and U.S. HIPAA laws, which call for safeguarding personal data, and have continued to strengthen data privacy through technical, operational and legal protections. Most recently, we have taken a number of steps to further bolster data privacy for our customers, including:

European Union Approval. Earlier this month, Brad Smith announced that Microsoft’s cloud contracts have been validated by European Union data protection authorities as meeting the rigorous privacy standards that regulate companies operating in E.U. member states. Microsoft has been working closely with the E.U. regulators to allow for the transfer of personal data across borders using its enterprise cloud services, and Microsoft is the first – and so far the only – company to receive joint approval from E.U. Article 29 for its strong contractual commitments to comply with E.U. privacy laws no matter where data is located. This provides additional assurances beyond the Safe Harbor Agreement between the E.U. and U.S, and ensure customers can continue to operate globally if that agreement is changed or suspended.

Expanded Contractual Scope. We have significantly expanded the scope of Azure services covered by our Data Processing Agreement, E.U. Model Clauses, and HIPAA Business Associate Agreement (BAA) to include SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, and Multi-Factor Authentication as well as Cloud Services, Storage, Virtual Machines, Virtual Networks which were covered previously. This will extend the privacy assurances offered by those agreements across a much broader set of Azure services.

These contractual commitments, backed by technical capabilities and operational practices that ensure we can meet on our privacy obligations, benefit customers in every geography and industry. Customers across the globe can use Azure with confidence knowing that Microsoft has met the high bar of privacy protections mandated by these regulations.

For more information on security, privacy and compliance, visit the Azure Trust Center.