The software giant will also compensate users whose information is inappropriately disclosed to government agencies, Microsoft Chief Privacy Officer
Microsoft is one of a number of big tech companies working to continue to legally send data to the U.S. after a landmark EU court
Companies transferring data to the U.S. using “contractual clauses” -- one of the few legal methods remaining -- now have to implement extra privacy measures, such as encryption. If companies or regulators deem that customer data is unsafe in the U.S. or any other destination, they may suspend those transfers altogether.
“We believe the new steps we’re announcing today go beyond the law,” Brill said, adding the legal challenges to law enforcement requests would pertain to all governments, not just the U.S. “We hope these additional steps will give our customers added confidence about their data.”
The European Data Protection Board, a body of EU data watchdogs, last week issued guidance to help companies identify if they need to implement extra measures before transferring their data, such as swapping identifying information with pseudonyms.
Microsoft’s measures announced Thursday come in addition to other commitments the company already builds into contracts it signs with customers, including pledges to encrypt data in transit and at rest, and to comply with legal government demands for data only if they are clearly compelled to do so.
--With assistance from
To contact the reporter on this story:
To contact the editors responsible for this story:
Amy Thomson, Jennifer Ryan
© 2020 Bloomberg L.P. All rights reserved. Used with permission.