Security and privacy concerns have been in the spotlight ever since the Edward Snowden debacle. There is a growing need for increased security of information, when almost every detail about one’s life resides as a sequence of binary digits in a box hundreds of kilometers away. Microsoft has been building and organizing data centres for more than 25 years. Today, they have more than 100 data centers that service more than 140 countries, and offer a variety of cloud computing services. Consequently, the security and reliability of these data centers and the information they contain is of utmost importance to their respective organizations. Previously, Microsoft had stated that, according to the Patriot Act, the government would be able to access the stored data even if the hosted company is not American and the data resides outside of the United States. In 2011, Gordon Frazer, the managing director of Microsoft UK confessed that cloud data stored in Europe could still be turned in to the U.S. government, in accordance with American law.
When asked if the company could guarantee whether data stored in Europe would not be able to cross the Atlantic, Frazer stated, “Microsoft cannot provide those guarantees. Neither can any other company.”
Since Microsoft’s headquarters are within the jurisdiction of the United States, the U.S. government was entitled to obtain anything on the Microsoft servers.
To address data security concerns, on Nov.11, 2015, Microsoft announced plans to deliver their cloud services from two new data centre regions: Magdeburg and Frankfurt am Main, Germany. With these centres, user data is controlled by a “data trustee” that functions under pro-privacy German law rather than American law. Access to customer data stored in these new data centres will be controlled by T-Systems, a subsidiary of Deutsche Telekom, an independent German company. Microsoft themselves will be unable to access this data without the express permission of customers or the data trustee.
As a further precaution, if the permission is granted by the data trustee, the data will only be accessed under the supervision of the trustee. This multi-tiered security system is a refreshing innovation in customer trust and the control of data.
The two data centres will be connected through a private network, in order to ensure that no data leaves Germany without customers’ knowledge. Microsoft stated that the new cloud services were targeted towards European companies that are entrusted with private and sensitive information from industries such as finance and healthcare. The services are expected to be available in the second half of 2016 to users in Germany, the European Union, and the European Free Trade Association.
According to Timotheus Höttges, CEO of Deutsche Telekom, “Microsoft is pioneering a new, unique, solution for customers in Germany and Europe. Now, customers who want local control of their data combined with Microsoft’s cloud services have a new option, and I anticipate it will be rapidly adopted.”
Microsoft’s data trustee model is a severe blow to the United States government in the ongoing war for privacy. It is certain that the U.S. government will retaliate with some sort of legislation to combat this loss of control. However, if Microsoft’s new system turns out to be successful, and other technology companies follow suit, the world could be at the threshold of a new age of privacy and safety.