Microsoft expands EU data localization efforts to cover system logs
Microsoft has announced that it will expand its data localization efforts in the European Union to include system logs, which are records of events and activities that occur in its cloud services. This means that Microsoft will store and process these logs within the EU, rather than transferring them to other regions.
The company said this move is part of its commitment to meeting the changing needs and expectations of its customers, as well as complying with EU data protection laws and regulations. Microsoft added that it will offer this option to all its enterprise and public sector customers in the EU by the end of 2022.
Data localization is the practice of storing and processing data within a specific geographic region, rather than transferring it across borders. Some countries and regions have enacted laws or policies that require or encourage data localization, whether for economic, privacy, or national security reasons. Data localization may also be a preference or requirement for some customers, especially in highly regulated industries or sectors.
Microsoft has been investing in data localization initiatives in the EU for several years, as part of its broader strategy to build a "trusted cloud" that respects local laws and values. In 2015, Microsoft launched its first cloud regions in Germany, operated by a local data manager. In 2018, Microsoft announced that it would offer cloud services from new data center regions in France, Germany and Switzerland. In 2020, Microsoft revealed that it would allow its customers to store and process all core customer data within the EU by the end of 2022.
System logs are a type of data generated by cloud services to monitor their performance, security, and reliability. System logs may contain information such as IP addresses, device identifiers, timestamps, and error codes. System logs are different from customer data, which is data that customers upload or create using cloud services, such as files, emails, messages, or databases.
Microsoft said it will apply the same high security, privacy and compliance standards to system logs as it does to customer data. Microsoft also said it will continue to work with regulators, policymakers and industry partners to advance its vision of a trusted cloud that empowers customers and respects their choices.
Microsoft continues to expand its data localization offering in the EU. The company announced today that it has completed the second phase of its “EU Data Limits for Microsoft Cloud” project, which aims to give customers more control and transparency over where their data is stored and processed.
The project, which was launched in early 2023, consists of two phases. The first phase involved storing and processing “customer data” (the information that customers actively provide to Microsoft) within the EU. The second phase, which ended in late 2023, expanded this capability to “all personal data,” including automated system logs generated by Microsoft services.
By offering local storage and processing for all personal data, Microsoft hopes to address the concerns of customers who want to comply with EU data protection laws, such as the General Data Protection Regulation (GDPR). These laws require data controllers and processors to ensure that personal data is adequately protected and is not transferred to third countries without appropriate safeguards.
Microsoft's data localization offering is available for its core cloud services, such as Azure, Microsoft 365, Dynamics 365, and Power Platform. Customers can choose to enroll in the EU data cap for Microsoft Cloud through their service settings. Once they do, they can access a dashboard that shows them where their data is located and how it is processed.
Julie Brill, vice president and chief privacy officer at Microsoft, said in a blog post that the company is committed to giving customers more choice and control over their data. She also said that Microsoft will continue to invest in its cloud infrastructure in the EU and support the development of a common European cloud framework.
