Microsoft has announced that it will expand its data localization efforts in the European Union to include system logs, which are records of events and activities that occur in its cloud services. This means that Microsoft will store and process these logs within the EU, rather than transferring them to other regions.
The company said this move is part of its commitment to meet the changing needs and expectations of its customers, as well as to comply with EU data protection laws and regulations. Microsoft added that it will offer this option to all of its enterprise and public sector customers in the EU by the end of 2022.
Data localization is the practice of storing and processing data within a specific geographic region, rather than transferring it across borders. Some countries and regions have enacted laws or policies that require or encourage data localization, whether for economic, privacy or national security reasons. Data localization may also be a preference or requirement for some customers, especially in highly regulated industries or sectors.
Microsoft has been investing in data localization initiatives in the EU for several years, as part of its broader strategy to build a “trusted cloud” that respects local laws and values. In 2015, Microsoft launched its first cloud regions in Germany, operated by a local data steward. In 2018, Microsoft announced that it would offer cloud services from new data center regions in France, Germany and Switzerland. In 2020, Microsoft revealed that it would enable its customers to store and process all of their core customer data within the EU by the end of 2022.
System logs are a type of data generated by cloud services to monitor their performance, security and reliability. System logs can contain information such as IP addresses, device identifiers, timestamps and error codes. System logs are different from client data, which is data that clients upload or create using cloud services, such as files, emails, messages or databases.
Microsoft said it will apply the same high standards of security, privacy and compliance to system logs as it does to customer data. Microsoft also said it will continue to work with regulators, policymakers and industry partners to advance its vision of a trusted cloud that empowers customers and respects their choices.
Microsoft continues to expand its data localization offering in the EU. The company announced today that it has completed the second phase of its “EU Data Limits for Microsoft Cloud” project, which aims to give customers more control and transparency over where their data is stored and processed.
The project, which was launched in early 2023, consists of two phases. The first phase involved storing and processing “customer data” (information that customers actively provide to Microsoft) within the EU. The second phase, which ended at the end of 2023, extended this capability to “all personal data,” including automated system logs generated by Microsoft services.
By offering local storage and processing for all personal data, Microsoft hopes to address the concerns of customers who want to comply with EU data protection laws, such as the General Data Protection Regulation (GDPR). These laws require data controllers and processors to ensure that personal data is adequately protected and not transferred to third countries without appropriate safeguards.
Microsoft’s data localization offering is available for its core cloud services, such as Azure, Microsoft 365, Dynamics 365 and Power Platform. Customers can choose to sign up for the EU data limit for Microsoft Cloud through their service settings. Once they do, they can access a dashboard that shows them where their data is located and how it is processed.
Julie Brill, Microsoft’s vice president and chief privacy officer, said in a blog post that the company is committed to giving customers more choice and control over their data. She also said Microsoft will continue to invest in its cloud infrastructure in the EU and support the development of a common European cloud framework.