Only last year Microsofts President and Chief Lawyer Brad Smith (Page 4, on top of the page) stated that only online products can be trusted when all personal data is secured by national laws. Now, one year later, Microsoft announced that they terminated the collaboration with their German data trustee T-Systems, who played an essential role for the Microsoft Cloud especially for Germany. New customers of the Microsoft Cloud will automatically be users of the global Microsoft Cloud.

In order to prevent US authorities to have the possibility to have access to data of their customers, Microsoft launched the Cloud for Germany with T-Systems as their data trustee. The corporation itself only would be able to access this kind of data in exceptional cases and even then only under supervision.

watch Believing instead of knowing?

The “Germany Cloud” of Microsoft is being supervised by T-Systems. The collaboration around the Cloud follows an apparently very strict construct of contracts. According to a test of heise.de, however, the degree of data security and data safety Microsoft claimed it to be, could not be proven.

see Will now the Microsoft Privacy Statement apply?

The data-security-friendly attitude of Microsoft did not hold up for a long time as they now terminated the Cloud for Germany. Companies that are using the cloud-products of Microsoft have to anticipate that their data that Microsoft and all of its partner companies will be stored in the US or even in countries like Hong Kong. This is especially precarious, as the data security laws partially have been declared as inappropriate by the EU commission. In some cases there may not even be a regulatory authority for this matter.

(That’s how you can find the source: 1. Go to the Microsoft Privacy Statement, 2. Click on the subheading “Further important information about the Privacy Statement”, 3. Go to “Further Information” and look for the point “Where we save your data”)

click here More awareness for the Cloud

go to link  Customers of the products like Microsoft Teams, which is part of Office 365 should be aware of the conditions of the global Microsoft-Cloud. Ultimately, the US authorities reserves itself the right to access all data of customers and its content on basis of the US-Freedom Act (Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act).

American internet-companies and IT-service providers are since the new USA CLOUD Act obliged to see grant US authorities access to their data, even when the data is not stored in the US.

enter site European players in the economy have to resist the appetite for data of the US

follow  The messaging- and collaboration-solution Grape is as an European company immune to the guidelines of the Freedom Act and can therefore guarantee complete data security (“Privacy by Design”).

  • Grape conforms to EU-GDPR rules and prioritizes data security
  • Grapes Cloud-servers are exclusively hosted in Germany
  • With the help of an own Grape-server (“on-premise solution”) can Grape customers regain full control over their internal communication and data.

see European alternative to US-collaboration tools

“If Europe wants to become a leading force not only in the economy, but also in digitalization, we strongly suggest a rapid change in thinking with regards to Cloud-services and collaboration tools“, explains Felix Häusler, CEO and founder of the Viennese messaging- and collaboration-solution Grape. An example of this would be arrest of the Volkswagen-managers in the US because of the diesel scandal. Grape offers an enterprise messenger that is tailored especially for the needs and data security demands of European companies. “Sensitive data from internal company communication should never be saved on Clouds of US-providers“, warns Häusler.

What European companies should know about the US-Freedom Act and the US CLOUD Act:

US Freedom Act:

“Even though American authorities have to have at least a suspect case, e.g. that the concerned user is of potential danger for others. Irrespective of this, nothing can get in the way of surveillance and analysis of telecommunication data on a huge scale.

US CLOUD Act:

“American internet-companies and IT-service providers are since the new US CLOUD Act obliged to grant US authorities acces to their data, even when the data is not stored in the US. This violates several points of the EU-GDPR policy.

 

Sources of the blog entry:


_

Photo-Credits:

Header “Microsoft”: 360b / Shutterstock
Picture Felix Häusler: Lisa Resatz & magazine Digital Business Leader

_

Daniel Kauss

Written by Daniel Kauss

Daniel is Grape's CMO. Born and raised in Germany he moved to Austria in 2005. In Vienna he founded an agency for events and digital marketing and sold it in 2017 before he joined Grape.

back to blog