In November, Microsoft announced updated privacy provisions for commercial cloud contracts. The aim of this move was to bring more transparency in regards to how the company dealt with customer data processed in the cloud. Notably, the European Data Protection Supervisor (EDPS) had previously found that Microsoft had been unable to protect data according to the European Union (EU) laws.
Now, the tech giant has rolled out its updated Online Services Terms (OST) to all its commercial customers. These include the public and private sector, large enterprises, and smaller businesses across the globe.
The latest OST clarifies Microsoft"s role as the assumed data controller when data relevant to its online services such as Azure and Office 365 is processed under "administrative and operational" purposes. GDPR terms are also noted to be strictly adhered under this, and this is showcased clearly so as to affirm the Redmond giant"s commitment to the updated privacy laws. At the beginning of last year, the firm announced similar updates to its policies in order to comply with privacy regulations that were being implemented at the time.
Importantly, Microsoft collaborated with the Dutch Ministry of Justice (MOJ) to develop the contractual changes undertaken as part of this process. Over the next few months, feedback from not only the Dutch MOJ, but from customers all over the world will be incorporated in the form of further changes to the OST that are anticipated by Microsoft.