The Channel logo


By | Dan Robinson 28th September 2016 06:18

Microsoft hails pointless Privacy Shield status for its cloud services

Yeah, it's self-certification. Give yourself a pat on your own back, Redmond

Microsoft has issued a missive congratulating itself as the first global cloud service provider to get with the new EU Privacy Shield Framework agreed with the US, which must mean your data is safe in its hands, right?

Sadly, the Privacy Shield Framework, like the Safe Harbor agreement that preceded it, relies on US companies self-certifying that they comply with the regulations. In other words, it doesn’t mean that Microsoft’s cloud has passed through a rigorous test procedure and declared to be compliant with the privacy rules: it simply means that Microsoft says it is.

Microsoft announced on its Azure blog that it is “proud to become the first global cloud service provider to appear on the Department of Commerce’s list of Privacy Shield certified entities.” This happened on August 12, which anyone can check by going to the US Department of Commerce’s site.

Safe Harbor fell by the wayside following the Edward Snowden revelations regarding the US security services' relentless hoovering up of any and all data. In light of this, the EU brought in a revised agreement, Privacy Shield, which was officially adopted on July 12.

US companies previously operating under Safe Harbor were required to update their compliance activities before certifying with the Department of Commerce that they now complied with Privacy Shield.

Of course, we aren’t suggesting that Microsoft is failing to comply with Privacy Shield, just that the certification is largely meaningless because companies are allowed to judge for themselves whether they meet the criteria.

"Adherence to this framework underscores the importance and priority we at Microsoft put on privacy, compliance, security, and protection of customer data around the globe," the firm said in its announcement. ®

comment icon Read 10 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe