Data Trustees May Address Customers' Privacy Concerns

To placate data privacy concerns of customers with Microsoft’s hosted services including Azure, Dynamics CRM, and Office 365, Microsoft will expand some existing data centers and locate new data centers in Europe. The German data centers will incorporate a new role—a third-party data trustee—that will manage and control access to data, including legal requests for data access from governments or other entities. However, this third-party data trustee model is untested in U.S. or European courts, and while Microsoft appears to be at arm’s length from the data, customers will have to decide if this satisfies their privacy concerns.

The Role of the Data Trustee

Although Microsoft says the new data centers are in response to rapid growth of customer demand across Europe, the announcement that a subsidiary of Deutsche Telekom (DT) would control access to the data may actually do more to spur customer use of Microsoft’s hosted services in Europe.

According to Microsoft, access to customer data in the new German data centers will be under the control of a data trustee, T-Systems (a Frankfurt, Germany—based subsidiary of DT). Under this arrangement, while Microsoft will build, pay for, operate, and presumably bill for data center use, Microsoft will not be able to access the hosted data without the permission of either the customer or the data trustee. If the data trustee grants Microsoft access to the customer’s data, the trustee will supervise such access.