Enterprise Cloud Agreements Comply with EU Privacy Rules

Agreements for Microsoft hosted enterprise services, such as Office 365 and Azure, comply with certain European Union (EU) privacy regulations designed to protect personal data. The finding means that in the opinion of the EU, Microsoft has the necessary safeguards in place to protect the privacy of customer data that organizations store in these services. However, organizations remain ultimately responsible for complying with privacy regulations. Furthermore, the EU’s finding does not apply to agreements for consumer-focused Microsoft hosted services, such as Outlook.com or Microsoft Account, which users might employ for work and which might store or transfer personal data.

Enterprise Cloud Agreements and the EU Model Clauses

To ensure a consistent set of privacy policies across the EU, 28 Data Protection Authorities, one for each member country, supply members to working committees, such as the Article 29 Working Party. In turn, the Article 29 Working Party issues opinions on privacy regulations, which include a set of Model Clauses designed to help service providers create agreements that address the EU’s privacy requirements.