- Microsoft is legally obliged to comply with the United States CLOUD Act
- This means the United States government can request to see any data, including data held in sovereign clouds
- Only companies outside US jurisdiction, or data protected by private encryption keys, are exempt
Microsoft has admitted that it cannot guarantee data sovereignty for customers in France or other European Union countries under the United States CLOUD Act, which allows the United States government to access data held by technology companies based in the United States, even if that data is stored abroad.
Questioned about the legal protections against United States access to EU data, Microsoft France representatives Anton Carniaux and Pierre Lagarde confirmed that the company would analyze and resist any unfounded US data request, but ultimately the company is legally obliged to comply with valid ones.
It is important to note that the company has never received a request for data from the US.
Microsoft cannot guarantee data sovereignty
Microsoft emphasized that systems are in place to minimize data transfers and to keep EU customers' data within the EU, but Carniaux acknowledged that he could not guarantee that the United States would not access French citizens' data without the consent of the French government, which raised great concerns.
Earlier this year, the EU Data Boundary for the Microsoft Cloud project was confirmed complete, with rival hyperscalers also investing heavily in European sovereignty, but the latest developments have made those efforts not worth it after all.
Interestingly, AWS, Microsoft and Google supported the bill when it was passed, so this is not news to them.
“The servers of the United Kingdom or the EU make no difference when the jurisdiction is in another place, and the local subsidiaries or the ‘reliable’ associations do not change that reality,” explained the CEO of Civo, Mark Boost.
Boost added that this weakness threatens national security, personal privacy and business competitiveness.
Ultimately, the conclusion is that data residency and location are not the same as jurisdiction. Even European companies such as OVHcloud that operate in the United States are subject to data requests from the United States government.
And although EU legislation constantly adds friction, absolute sovereignty cannot be guaranteed unless a provider is outside United States jurisdiction or a customer is the sole holder of an encryption key.
Via The Register