Microsoft's EU Data Boundary will begin staggered rollout in January 2023
Public sector and commercial customers will be the first to benefit when the rollout begins on 1 January across all of Microsoft's core services
Microsoft has announced the staggered rollout of its long-awaited EU Data Boundary solution will begin in January 2023.
The solution is expected to roll out first to public sector and commercial customers and aims to allow businesses to store and process their customer's data within the European Union (EU).
First announced last year, the data boundary builds on Microsoft’s existing EU data storage commitments. The data residency solution means that customer data will only be processed and accessed from the jurisdiction in which it originates.
Microsoft said this was developed using extensive customer feedback over the last 18 months. Engineering work to support the implementation of the solution began shortly after the announcement in May 2021.
When introduced on 1 January, the change will apply to all core services, including Azure, Microsoft 365, Power BI, and Dynamics 365.
“Beginning on 1 January 2023, Microsoft will offer customers the ability to store and process their customer data within the EU Data Boundary for Microsoft 365, Azure, Power Platform, and Dynamics 365,” the company said in a statement.
“With this release, Microsoft expands on local storage and processing commitments, greatly reducing data flows out of Europe, and building on our industry-leading data residency solutions.”
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
In later phases of its rollout, Microsoft also outlined plans to expand the solution to include the storage and processing of “additional categories of personal data”, including data provided when receiving technical support.
At present, Microsoft provides cloud services to customers in nearly every country in the world. In Europe specifically, the company has opened – and is currently building – data centres in 17 data centre regions. The tech giant plans to build nine new additional regions in the coming years.
The rollout of the EU data boundary solution aims to support the regulatory requirements of customers across the EU and European Free Trade Association (EFTA), and follows long-running concerns over the flow of customer data across international boundaries.
Julie Brill, Microsoft’s chief privacy officer told Reuters the data boundary solution will “make our customers feel more confident” and enable them to have “clear conversations with regulators on where their data is being processed as well as stored”.
International data flows
Since the introduction of the GDPR in 2018, businesses globally have become increasingly concerned about the legality of international data flows, and operating across a wide variety of regulatory frameworks has presented challenges with regard to compliance.
The European Commission has been vocal in its intent to enforce regulatory requirements and is currently developing proposals to protect European user data during transferrals to the United States.
Similarly, in May 2021 the EU's data protection supervisor (EDPS) authority launched a probe into the European Commission’s use of Microsoft 365 products amid concerns over GDPR compliance.
Mike Kiersey, EMEA head of sales engineering at Boomi, told IT Pro that ensuring the seamless flow of data is critical to business operations globally. As such, support for organisations to ensure compliance is a welcomed move.
“Data movement is happening more often in real-time and it has become crucial to successful business operations,” he said. “Therefore, the ability to have iniquitous access to data at speed is key for providers.”
Caroline Carruthers, CEO and co-founder at data consultancy Carruthers and Jackson, warned that the introduction of the EU data boundary “fundamentally makes data flow less efficient” and will not fully prevent personal information from being accessed in different jurisdictions.
“Data does not respect geography, and attempting to ringfence it will never give 100% protection to customers,” she said.
“Putting up data boundaries and restricting free flow of data is a regressive step for wider data transformation. Instead of trying to pull up the castle moat on European data, governments and multinationals should be pushing for global data standards to ensure enhanced security does not stifle data innovation.“
Microsoft said its cloud services “already comply with or exceed EU requirements”, adding that the introduction of the new data boundary will provide future benefits for the public sector and commercial customers operating within the EU and EFTA, helping them to remain compliant.
In addition, as part of the rollout, the tech giant revealed plans to publish new data flow documentation to provide “transparent data insights” for customers whose services will be included in the boundary.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.