The tech giant is creating a Privacy Engineering Centre of Excellence in Dublin to help customers understand where data is held and processed.
Microsoft will allow European commercial and public sector customers to have their data stored and processed solely in Europe, with the initiative to be led from Dublin.
The tech giant said the move is a result of growing demand and concern from customers over where exactly their data activity takes place and whether data moves from jurisdiction to jurisdiction.
Microsoft said companies can now opt to keep data activity, from storing to processing, within the physical confines of the European Union where it will be subject to EU law including GDPR.
“This commitment will apply across all of Microsoft’s core cloud services – Azure, Microsoft 365 and Dynamics 365,” Brad Smith, president and chief legal officer, said.
Microsoft has data centres in Ireland – it recently secured planning permission to expand facilities in Dublin – and a dozen other European countries.
It also plans to open what it calls a Privacy Engineering Centre of Excellence in Dublin to guide customers through the process of securing their data in Europe and meeting regulatory requirements.
“We are beginning work immediately on this added step, and we will complete by the end of next year the implementation of all engineering work needed to execute on it. We’re calling this plan the EU Data Boundary for the Microsoft Cloud,” Smith said.
“Our EU Data Boundary for the Microsoft Cloud will be powered by our substantial and ongoing investments in an expansive European data centre infrastructure.”
He added that he believes the EU Data Boundary plan fits in with the European Commission’s initiative called Europe Fit for the Digital Age.
Microsoft’s latest move comes amid heightened scrutiny over where exactly cloud firms store and process data and what protections are in place.
The matter of data flows from one jurisdiction to another can be a legally tricky one, depending on the countries and regulations involved.
The legal standing of data flows between the US and Europe remains in a state of flux after the European Court of Justice struck down Privacy Shield last year, a legal mechanism that allowed for data to flow across the Atlantic. No new agreement is yet in sight.
At the heart of the dispute over Privacy Shield, and its predecessor Safe Harbour, was what happens to Europeans’ data once it leaves Europe. The agreements provided no robust protections to ensure that a European’s data wouldn’t be snooped on as part of US mass surveillance.