Microsoft will allow foreign customers to have their personal data stored on servers outside the US, breaking ranks with other big technology groups that until now have shown a united front in response to the American surveillance scandal.
Brad Smith, general counsel of Microsoft, said that although many tech companies were opposed to the idea, it had become necessary following leaks that showed the US National Security Agency had been monitoring the data of foreign citizens from Brazil to across the EU.
“People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides,” he told the FT.
Mr Smith added that customers could choose where to store their data from a variety of existing Microsoft data centers. For example, a European client could choose to have their data stored in the group’s Irish data center.
Keeping the information off US soil and under local data protection rules should make it harder for the NSA to tap into illicitly, Mr Chester said. “If the data are not being transported, then it does stop that kind of access.”
Mr Smith acknowledged that it would be expensive but added “does it mean that you ignore what customers want? That’s not a smart business strategy.”
Following revelations made by Edward Snowden, the former NSA contractor, EU companies and consumers have become concerned about the way US tech groups such as Google, Facebook and Microsoft share their data with US authorities.
“Our entire industry is concerned that some customers outside the US are feeling less confident with [American] online services today,” Mr Smith said. “Technology today requires that people have a high degree of trust in the services they are using . . . The events of the last year undermine some of that trust [and] that is one of the reasons new steps are needed to address it.”
Mr Smith also said that the US and EU should consider signing an international agreement that ensures they will not try to seek data in each other’s territory via technology companies.
“If you want to ensure that one government doesn’t seek . . . to reach data in another country, the best way to do it is . . . an international agreement between those two countries. Secure a promise by each government that it will act only pursuant to due process and along the way improve the due process.”
He argued that the existing “Mutual Legal Assistance Treaty” mechanism used by the US and EU to protect individuals’ rights from the two blocs is outdated: “It needs to be modernised or replaced.”