- Microsoft is legally forced to comply with the American cloud law
- This means that the American government can ask to see data, including sovereign clouds
- Only companies outside the American jurisdiction or private encryption keys are exempt
Microsoft admitted that it could not guarantee the sovereignty of data for customers in France or in other European Union countries under the US CLOUD law, which allows the US government to access data from technological companies based in the United States, even if this data is stored abroad.
Asked about legal protections against American access to EU data, Microsoft France Anton Carniaux and Pierre Lagarde representatives have confirmed that the company would analyze and resist all of the not founded American data, but ultimately, the company is legally obliged to comply with valid requests.
Above all, the company has never received a request for American data for information stored in Europe, according to its transparency reports, but the ongoing geopolitical tensions have sovereign nations that are worried about this.
Microsoft cannot guarantee data sovereignty
Microsoft stressed that there are systems in place to minimize data transfers, to maintain data from EU EU customers, but Carniaux recognized that it could not guarantee that the United States did not accelerate the data of French citizens without consent of the French government, which raises enormous concerns.
Earlier this year, the EU data limit for the Microsoft Cloud project has been complete, with other hyperscalor rivals also overwhelmingly investing in European sovereignty, but the latest developments have made their efforts that do not bother after all.
Interestingly, AWS, Microsoft and Google have all taken care of the bill when adopted, so this is no news for them.
“British or European servers make no difference when competence is elsewhere and local subsidiaries or” confidence “partnerships do not change this reality,” said CIVvo CEO Mark Boost.
Boost added that this weakness threatens national security, privacy and business competitiveness.
In the end, the main thing is that the residence and the location of the data are not the same as the jurisdiction – even European companies like OVHCLOUD operating in the United States are subject to demands for data from the United States Government.
And although EU legislation regularly adds friction, unless a supplier is outside the American jurisdiction or a customer is the only holder of a encryption key, absolute sovereignty cannot be guaranteed.
Via The register
