July 4, 2011
At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act.
It was honestly music to my ears. After a year of researching the Patriot Act’s breadth and ability to access data held within protected EU boundaries , Microsoft finally and openly admitted it.
The question put forward:
“Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances — even under a request by the Patriot Act?”
Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).
Though he said that “customers would be informed wherever possible”, he could not provide a guarantee that they would be informed — if a gagging order, injunction or U.S. National Security Letter permits it.
He said: “Microsoft cannot provide those guarantees. Neither can any other company“.