Microsoft to roll out ‘data boundary’ for EU customers from Jan. 1

(This Dec. 15 story has been refiled to correct grammar in paragraph 5 to ‘need to be taking,’ not ‘needed to be taken’)

By Martin Coulter and Supantha Mukherjee

LONDON/STOCKHOLM (Reuters) – Microsoft Corp said on Thursday its European Union cloud customers will be able to process and store parts of their data in the region from Jan. 1.

The phased rollout of its “EU data boundary” will apply to all of its core cloud services – Azure, Microsoft 365, Dynamics 365 and Power BI platform.

Big businesses have become increasingly anxious about the international flow of customer data since the EU introduced the General Data Protection Regulation (GDPR) in 2018, which protects user privacy.

The bloc’s executive arm, the European Commission, is working through proposals to protect the privacy of European users whose data is transferred to the United States.

“As we dived deeper into this project, we learned that we need to be taking a more phased approach,” Julie Brill, Microsoft’s Chief Privacy Officer, told Reuters.

“The first phase will be customer data. And then as we move into the next phases, we will be moving logging data, service data and other kind of data into the boundary,” she said. The second phase will be completed at the end of 2023 and phase three will be completed in 2024, she said.

Microsoft operates more than a dozen datacentres across European countries including France, Germany, Spain and Switzerland.

For big companies, data storage has become so large and distributed across so many countries that it becomes difficult for them to understand where their data resides and if it complies with rules such as GDPR.

“We are creating this solution to make our customers feel more confident and to be able to have clear conversations with their regulators on where their data is being processed as well as stored,” Brill said.

Microsoft has previously said it would challenge government requests for customer data, and that it would financially compensate any customer whose data it shared in breach of GDPR.

(Reporting by Martin Coulter and Supantha Mukherjee; Editing by Josie Kao)