Microsoft has cobbled together a deal to put telecom giant Deutsche Telekom in control of its Germany-based customer data.
The agreement will see Deutsche Telekom subsidiary T-Systems become Microsoft’s German “data trustee” of all customer data stored in two new data centre regions in Germany, located in Magdeburg and Frankfurt am Main.
Microsoft expects German-based Azure, Office 365 and Dynamics CRM Online services to launch in the second half of 2016.
When it launches, Microsoft’s German customers will need to sign a contract that enables Deutsche Telekom’s T-Systems to act as the data trustee.
“Under the contract, Microsoft will have no access to customer data unless granted by T-Systems or customers,” Deutsche Telekom said in a statement today.
There are heightened concerns over US surveillance in Europe after former CIA hand Edward Snowden revealed details of National Security Agency programs like PRISM. Evidence of this supported the recent European Court of Justice’s ruling to invalidate the EU-US Safe Harbour Agreement, making it much more difficult to legally transfer EU user data to the US.
It is the latest sign of the Balkanisation of the internet and follows Microsoft's recent renewal of a partnership with 21Vianet in China to deliver cloud services through the local intermediary.
The new German contract should also mean data from users of German-based Microsoft cloud services will be more tightly linked to German surveillance and privacy laws than US laws.
“Our new datacenter regions in Germany, operated in partnership with Deutsche Telekom, will not only spur local innovation and growth, but offer customers choice and trust in how their data is handled and where it is stored,” said Microsoft CEO Satya Nadella.
However the new data centres and the data trustee agreement with Deutsche Telekom could be significant to Microsoft as the battle for supremacy in the cloud comes down to latency and data sovereignty.
Microsoft’s new data centres will help it respond to Amazon Web Services (AWS), which announced the launch of a new UK region last week, adding to its Dublin and Frankfurt regions. As AWS CTO highlighted last week, “strong data sovereignty” was one of the the key benefits of the AWS UK region scheduled to come online in late 2016.
Meanwhile, the agreement with Deutsche Telekom could add weight to Microsoft's legal battle with the US government over a warrant that demands Microsoft provide access to email stored in its Irish data centre for a US criminal investigation.
US law enforcement has only asked Microsoft to produce the email online from US soil and has not requested physical access to the Irish data centre. Microsoft has likened the warrant to US law enforcement kicking down the doors of its EU data centres when it lacks the legal authority to do so. It's campaigning for an interpretation of US law that would require authorities there to seek agreement from Irish authorities to access the email.Read more: Realtime firewall-endpoint links focus, accelerate IT-security response: Sophos exec
US judges have so far supported US government’s authority to issue such a warrant, however if Microsoft faces a similar scenario in the context of German user data, presumably the new contract means Deutsche Telekom will need to grant access to the data.
This broadly fits the ideal trans-Atlantic data transfer rules recently outlined by Microsoft's chief legal counsel Brad Smith in response to Europe's top court killing off Safe Harbour.
"We need to create an expedited process for governmental entities in the U.S. and EU to access personal online information that is moved across the Atlantic and belongs to each other’s citizens by serving lawful requests directly with the appropriate authority in an individual’s home country," said Smith.
Want to know more?
Why not become a CSO member and subscribe to CSO's mailing list.
Get newsletters, updates, events and more right here.