The new protections Defending Your Data include a contractual commitment to challenge government requests for data as well as a monetary commitment.
These protections come after a ruling earlier this year from the Court of Justice for the European examining transfers of data from the EU as well as union and draft recommendations issued last week by the European Data Protection Board (EDPB) about how companies can comply with this ruling.
“We believe the new steps we’re announcing today go beyond the law and the EDPB draft recommendations, and we hope these additional steps will give our customers added confidence about their data,” Microsoft wrote in a blog post.
First, Microsoft said it is committed to challenge every government request for public sector or enterprise customer data – from any government – where there is a lawful basis for doing so.
Secondly, Microsoft stated that it will provide monetary compensation to customers’ users if they disclose their data in response to a government request in violation of the EU’s General Data Protection Regulation (GDPR).
The company assures its customers that it encrypts customer data with a high standard of encryption both when it is in transit and at rest, doesn’t provide governments with direct, unfettered access to customer data, is transparent, and has a track record of legal success.
“We hope the steps we have announced today demonstrate to our enterprise and public sector customers that we will go above and beyond the law to defend their data, and the data of their users,” Microsoft said.