Skip to main content
close search
site logo
Dive Brief

Microsoft heightens privacy obligations with updates to cloud contracts

Published Nov. 18, 2019
Roberto Torres's headshot
Editor
Wikimedia; MPD01605

Dive Brief:

  • After receiving feedback from the Dutch Ministry of Justice — a public sector customer — Microsoft updated its commercial cloud contract terms to broaden the scope of its data privacy responsibilities, the company announced Monday.  
  • Under current Microsoft Online Services Terms (OST), the company fits the profile of a "data processor" according to the General Data Protection Regulations. The renewed terminology will go a step above and define Microsoft as a "data controller" when it processes user data for specific purposes, including account management, financial reporting, combating cyberattacks and complying with legal obligations. 
  • Elevating its privacy oversight role in these cases will offer customers more clarity about data usage, said Julie Brill, corporate VP for global privacy and regulatory affairs and chief privacy officer, in a blog post announcing the updates. The changes will be offered to public sector and enterprise customers at the beginning of 2020.

Dive Insight:

When it comes to privacy, the Microsoft playbook upholds privacy norms and expands the standards past the scope of the regulations.

In 2018, before GDPR went into effect, Microsoft announced it would extend the core part of the legislation — mainly, the Data Subject Rights standard — to customers beyond the European Union

On Tuesday, just weeks ahead of California Consumer Privacy Act (CCPA) enactment date, Microsoft said it would expand the provisions of the law to all of its U.S. customers, even before rules were finalized.

The company also offered to help its enterprise customers comply with the state law's requirements.

Amid increased consumer interest in data privacy, there's a business case for heightening a company's profile as a privacy overseer. Customers will view these companies as more desirable business partners, said Bart Willemsen, VP analyst at Gartner, during the IT Symposium/Xpo in Orlando, Florida last month.

The continued expansion of privacy compliance from Microsoft also lays the groundwork for the possibility of a federal data privacy law. At present, just a handful of states have made strides toward state-level privacy provisions. California is the only state that has approved comprehensive privacy regulation. 

Recommended Reading

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell