European concern about where data is hosted grew following the striking down of the Safe Harbor Agreement by the EU’s top court last month. That agreement offered an easy way for over 4,000 companies to certify that they respected the EU’s Data Protection Directive while processing Europeans’ data in the U.S. The finding by the Court of Justice of the European Union that the agreement did not provide sufficient protection under EU law has forced many of those companies to hurriedly put in place alternative legal mechanisms, such as the use of approved model contract clauses, to protect their customers’ data.
In theory, neither Microsoft nor AWS should be concerned by the CJEU’s ruling. Although both were registered under the Safe Harbor Agreement, they have also incorporated model contract clauses into their agreements with customers, and those clauses have received the approval of European data protection registrars.
But following the court’s ruling on Safe Harbor, German regional privacy watchdogs said they also doubted the adequacy of the alternative legal mechanisms and refused to approve any more model contract clauses, leaving the future of personal data exports in some doubt and making the creation of European data center infrastructure a good bet.
In addition to Azure and Office 365, Microsoft plans to host its Dynamics CRM Online service in the U.K. data centers, aiming the services at government organizations, regulated industries and other businesses.
Like AWS, Microsoft divides its worldwide network of data centers into clusters, or regions. Microsoft lists 20 availability regions on its site, while AWS lists 11, although both have announced plans to add more.
The two companies each operate two regions within the EU today: AWS in Ireland and Germany, and Microsoft in Ireland, recently expanded, and the Netherlands, which only just came online.
Microsoft hasn’t waited for a U.K. data center to sign up local businesses: It already counts department store chain Marks & Spencer and airline Virgin Atlantic as customers.
But while it may be hoping use privacy concerns to win over local customers, some of them may soon be looking for ways to move their data far from London in the light of the draft legislation on surveillance powers unveiled by the U.K. government last week.