Microsoft acknowledges inability to safeguard EU data from US demands
- Microsoft France's director testified before the French Senate regarding data protection issues.
- He admitted that the company cannot guarantee protection against U.S. government access to EU data.
- This acknowledgment raises concerns about reliance on U.S. cloud providers and prompts calls for local data sovereignty initiatives.
In a recent testimony before a French Senate inquiry, Microsoft France's director of public and legal affairs, Anton Carniaux, revealed the company's inability to ensure that French citizens' data would remain protected from U.S. government access. The Senate inquiry, which revolved around public procurement's role in promoting digital sovereignty, raised significant concerns over the future of data protection in Europe. Carniaux stated that while Microsoft does strive to resist unfounded requests from U.S. authorities, under the U.S. Cloud Act, American companies, including Microsoft, are compelled to comply with governmental requests for data, regardless of the data's storage location. This revelation highlights the ongoing and growing concerns regarding the European Union's data sovereignty when dealing with major U.S. cloud providers. The inquiry focused particularly on Project Bleu, a joint initiative involving Microsoft, Orange, and Capgemini, and the implications this project might have for sensitive data, including health information. Senate members voiced unease over the potential sharing of health data between Microsoft Azure and the Health Data Hub, suggesting the two platforms might not be adequately segregated to prevent unauthorized data flows. Mark Boost, CEO of cloud provider Civo, commented on the significance of Carniaux's admission, noting that the reality under U.S. laws exposes vulnerabilities that could impact privacy, national security, and competitiveness of European firms in the digital landscape. He emphasized the need for Europe to move towards building its own cloud infrastructure to ensure true data sovereignty, rather than relying on U.S. cloud services that might compromise data security. According to a European Parliament report, U.S. firms dominate the cloud infrastructure market in Europe, holding 69% of the market share, which raises concerns about the EU's dependency on these providers for essential services. As the inquiry in France has brought forward critical questions about the adequacy of data protection, it opens avenues for further discussions across the UK and EU to ensure that local solutions can be developed to foster true digital sovereignty in an increasingly interconnected world.