E.U. Data Protection Directive
The E.U. Data Protection Directive (95/46/EC) contains strict requirements for the handling of personal data in the European Union. Under European law, our customer is the data controller of its Customer Data and Microsoft is the data processor. To allow for the flow of information required by international business (including cross border transfer of personal data), Microsoft adhere to the U.S.-EU Safe Harbor Framework developed by the Department of Commerce in coordination with the European Commission. The Safe Harbor certification allows for the legal transfer of E.U. personal data outside the E.U. to Microsoft for processing.
Microsoft also offers customers E.U. Standard Contractual Clauses that provide additional contractual guarantees around transfers of personal data for in-scope services. Microsoft’s implementation of the E.U. model clauses has been validated by European Union data protection authorities as being in line with the rigorous privacy standards that regulate international data transfers by companies operating in its member states. Microsoft is the first company to receive joint approval from the E.U.’s Article 29 Working Party for its strong contractual commitments to comply with E.U. privacy laws no matter where data is located.
It is important to note that Microsoft will transfer E.U. Customer Data outside the E.U. only under very limited circumstances. See the Location of Data section for details.